4649 matches found
freeimage 安全漏洞
FreeImage is FreeImage open source a cross-platform for supporting popular graphic image formats open source library . freeimage has a buffer overflow vulnerability , the vulnerability stems from the size of the configuration file is not cleaned up , an attacker can use this vulnerability to caus...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
PT-2024-28459 · Entrust · Entrust Instant Financial Issuance
Name of the Vulnerable Software and Affected Versions: Entrust Instant Financial Issuance On Premise Software versions 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier Description: The issue concerns a configuration file, specifically WebAPI.cfg.xml, which is left behind after the installation...
Entrust Instant Financial Issuance 安全漏洞
Entrust Instant Financial Issuance Entrust Cardwizard is an instant financial card issuance solution from Entrust Corporation, USA. A security vulnerability exists in Entrust Instant Financial Issuance that stems from the configuration file WebAPI.cfg.xml left behind after installation without...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2024-39341
CVE-2024-39341 affects Entrust Instant Financial Issuance (On Premise) software (6.10.0, 6.9.x, 6.8.x and earlier). A configuration file WebAPI.cfg.xml is left behind after installation and can be accessed without authentication via HTTP port 80, exposing system configuration parameter names and ...
CVE-2024-6785
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure...
CVE-2024-6785
CVE-2024-6785 affects MOXA MXview One Series (versions before 1.4.1) and MXview One Central Manager Series (before 1.0.3). The issue is cleartext storage of credentials in the configuration file, exploitable by an attacker with local access who can read/modify the file, potentially abusing the se...
123Solar 安全漏洞
123Solar is a set of lightweight PHP/JS files from the individual developer Jean-Marc Louviaux. A security vulnerability exists in 123Solar version 1.8.4.5, which stems from the parameter PASSOx in the file config/configinvt1.php that can lead to code injection...
Sequelize Configuration File Detected
Sequelize is a promise-based Node.js ORM tool for databases engines. Sequelize CLI uses by default a configuration file in 'config' directory to store the environment and database information. By accessing it, an attacker could leverage the vulnerability to gain unauthorized and privileged access...
CVE-2024-20489
CVE-2024-20489 affects Cisco IOS XR Software running PON Controller, where the storage of unencrypted database credentials in the configuration files allows an authenticated, local attacker with low privileges to view MongoDB credentials. The root cause is improper storage of credentials on the d...
CVE-2024-20489 Cisco Routed Passive Optical Network Cleartext Password Vulnerability
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...
CVE-2024-20489 Cisco Routed Passive Optical Network Cleartext Password Vulnerability
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...
NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2024-0068)
The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read i...
gix-path improperly resolves configuration path reported by Git
Summary gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details In gixpath::env, th...
CVE-2024-44408
D-Link DIR-823G v1.0.2B0520181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords...
CVE-2024-45405 gix-path improperly resolves configuration path reported by Git
gix-path is a crate of the gitoxide project an implementation of git written in Rust dealing paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...
CVE-2024-45405
gix-path is a crate of the gitoxide project an implementation of git written in Rust dealing paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...
CVE-2024-45405 gix-path improperly resolves configuration path reported by Git
gix-path is a crate of the gitoxide project an implementation of git written in Rust dealing paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...