4648 matches found
CVE-2024-57762
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file...
CVE-2024-52783
Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allow attackers to execute arbitrary code via modification of the configuration file...
CVE-2024-52783
This CVE affects XINJE XDPPro.exe, where versions 3.2.2 through 3.7.17c have insecure permissions in the XNetSocketClient component. The underlying issue is improper access controls on the configuration file, enabling an attacker to modify it and achieve arbitrary code execution. Evidence from mu...
Atlassian Confluence < 7.19.18 / 8.5.x < 8.5.5 / 8.7.x < 8.7.2 / 8.8.0 (CONFSERVER-98413)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98413 advisory: - Affected versions of Atlassian Confluence Data Center in Windows installations contain a security misconfiguration in which the confluence.cfg.xml...
CVE-2024-12398
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00ACLE.3 and WBE660S firmware versions through 6.70ACGG.2 could allow an authenticated user with limited privileges to escalate their privileges to that of an...
CVE-2024-57762
MSFM prior to 2025.01.01 is affected by a deserialization vulnerability via the pom.xml configuration file (CVE-2024-57762). The issue is documented across multiple sources, with the recommended fix to upgrade to version 2025.01.01 or later; a temporary mitigation is to restrict access to the pom...
SUSE CVE-2024-51442
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file...
CVE-2024-51442
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file...
UBUNTU-CVE-2024-51442
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file...
SUSE CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
PT-2025-2047 · Unknown · Zerowdd Myblog
Name of the Vulnerable Software and Affected Versions: ZeroWdd myblog version 1.0
Description: A critical vulnerability has been found in ZeroWdd myblog, affecting an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. This issue leads to permission problems and can...
UBUNTU-CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
PT-2024-34636 · Minidlna +1 · Minidlna +1
Name of the Vulnerable Software and Affected Versions: Minidlna versions v1.3.3 and earlier
Description: The issue allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file. This is due to command injection in Minidlna, where an attacker can...
CVE-2024-12900
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...
CVE-2024-12900 FoxCMS Configuration File installdb.php code injection
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...
PT-2024-17788 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FoxCMS versions up to 1.2
Description: A critical issue has been found in the Configuration File Handler component, specifically in the file /install/installdb.php. The manipulation of the database password argument leads to code injection...