4649 matches found

OSV
added 2024/09/06 1:10 p.m., 12 views

CVE-2024-45405 gix-path improperly resolves configuration path reported by Git

gix-path is a crate of the gitoxide project (an implementation of git written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

CVSS 6, AI score 6.9, EPSS 0.00072
Exploits 0, References 5

OSV
added 2024/09/06 12:0 p.m., 12 views

RUSTSEC-2024-0371 gix-path improperly resolves configuration path reported by Git

Summary: gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details: In gix_path::env, th...

CVSS 6, AI score 6.9, EPSS 0.00072
Exploits 0, References 4

Cvelist
added 2024/09/06 12:0 a.m., 13 views

CVE-2024-44408

D-Link DIR-823G v1.0.2B0520181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords...

EPSS 0.00423
Exploits 1, References 2

CNNVD
added 2024/09/06 12:0 a.m., 3 views

D-Link DIR-823G Security Vulnerability

D-Link DIR-823G is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-823G v1.0.2B0520181207 version, which stems from an information disclosure vulnerability that allows unauthorized configuration file downloads, where the downloaded configuration fi...

CVSS 7.5, AI score 6.4, EPSS 0.00423
Exploits 1, References 3

Vulnrichment
added 2024/09/06 12:0 a.m., 11 views

CVE-2024-44408

D-Link DIR-823G v1.0.2B0520181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords...

AI score 7.5, EPSS 0.00423
Exploits 1, References 2

VulnCheck KEV
added 2024/09/06 12:0 a.m., 1 views

VulnCheck KEV: CVE-2021-30461

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...

CVSS 9.8, AI score 6.4, EPSS 0.93253
Exploits 5, References 1

NVD
added 2024/09/02 6:15 p.m., 11 views

CVE-2024-45305

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...

CVSS 2.5, EPSS 0.00033
Exploits 0, References 4

CVE
added 2024/09/02 4:30 p.m., 295 views

CVE-2024-45305

The CVE-2024-45305 issue affects the gitoxide project’s gix-path component, where installation_config and installation_config_prefix parse Git’s config using git config -l --show-origin and then take the first line to determine the installation-scoped file. This can cause a local repository’s con...

CVSS 2.5, AI score 3.5, EPSS 0.00033
Exploits 0, References 4

Cvelist
added 2024/09/02 4:30 p.m., 14 views

CVE-2024-45305 gix-path uses local config across repos when it is the highest scope

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...

CVSS 2.5, EPSS 0.00033
Exploits 0, References 4

Packet Storm
added 2024/09/01 12:0 a.m., 259 views

ThinVNC Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ThinVNC Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in ThinVNC versions 1.0b1 and prior whi...

CVSS 9.8, AI score 7, EPSS 0.94097
Exploits 11

Packet Storm
added 2024/09/01 12:0 a.m., 138 views

Barracuda Multiple Product Locale Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Barracuda Multiple Product "locale" Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability present in...

AI score 7.4
Exploits 0

Packet Storm
added 2024/08/31 12:0 a.m., 153 views

Nuuo Central Management Server Authenticated Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Server Authenticated Arbitrary File Download', 'Description' = %q The Nuuo Central Management Server allows an...

CVSS 9.8, AI score 7, EPSS 0.67751
Exploits 2

Packet Storm
added 2024/08/31 12:0 a.m., 301 views

ManageEngine ADAudit Plus Xnode Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode server i...

CVSS 10, AI score 9.6, EPSS 0.89808
Exploits 7

Packet Storm
added 2024/08/31 12:0 a.m., 156 views

General Electric D20 Password Recovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module grabs the device configuration from a GE D20M RTU and parses the usernames and passwords from it. class MetasploitModule 'General Electric D20 Password...

CVSS 7.5, AI score 7.1, EPSS 0.2314
Exploits 2

OSV
added 2024/08/20 8:29 p.m., 18 views

GO-2023-1685 HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault...

CVSS 6.7, AI score 6.9, EPSS 0.00153
Exploits 0, References 8

OSV
added 2024/08/16 7:27 a.m., 31 views

BIT-NGINX-2024-7347 NGINX MP4 module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directi...

CVSS 5.7, AI score 5.2, EPSS 0.00202
Exploits 0, References 4

NVD
added 2024/08/15 5:15 p.m., 18 views

CVE-2024-42966

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh...

CVSS 9.8, EPSS 0.00185
Exploits 1, References 1

CVE
added 2024/08/15 12:0 a.m., 58 views

CVE-2024-42966

The CVE-2024-42966 issue affects TOTOLINK N350RT (V9.3.5u.6139_B20201216). The root cause is incorrect access control on /cgi-bin/ExportSettings.sh, enabling retrieval of the apmib configuration file that stores credentials (username/password). The vulnerability impact is described as high confid...

CVSS 9.8, AI score 6.8, EPSS 0.00185
Exploits 1, References 1, Affected Software 1

Cvelist
added 2024/08/15 12:0 a.m., 16 views

CVE-2024-42967

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh...

EPSS 0.00185
Exploits 1, References 1

Vulnrichment
added 2024/08/15 12:0 a.m., 14 views

CVE-2024-42967

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh...

AI score 6.8, EPSS 0.00185
Exploits 1, References 1