4649 matches found
Cache Poisoning
ezsystems/ezplatform is vulnerable to cache poisoning. The vulnerability is due to the inability to prevent front-controller script inclusion in URLs when using eZ Platform Cloud or within the .platform.app.yaml configuration file. It allows an attacker to manipulate the cache and potentially ser...
CVE-2024-5181
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...
CVE-2024-5181
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...
CVE-2024-5181
CVE-2024-5181 – mudler/localai (v2.14.0) : A command injection flaw arises from how the backend parameter in the configuration file is used to name the initialized process, enabling an attacker to manipulate the path of the vulnerable binary and execute arbitrary code. The issue stems from improp...
CVE-2024-5181 Command Injection in mudler/localai
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...
CVE-2024-5181 Command Injection in mudler/localai
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...
PT-2024-34936 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai version 2.14.0 Description: A command injection issue exists due to the application's handling of the backend parameter in the configuration file. This parameter is used in the name of the initialized process, allowing an...
CVE-2024-5460 Brocade Fabric OS versions prior to v9.0 have default community strings
A vulnerability in the default configuration of the Simple Network Management Protocol SNMP feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community...
CVE-2024-36495
The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
CVE-2024-36497
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely...
CVE-2024-36496 Hardcoded Credentials
The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm no salt and uses the first five bytes as the key for RC...
CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File
The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File
The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...
PT-2024-27029 · Faronics · Winselect
Name of the Vulnerable Software and Affected Versions: Faronics WINSelect Standard + Enterprise affected versions not specified Description: The application saves its configuration in an encrypted file on the file system, which "Everyone" has read and write access to. The paths to the configurati...
CVE-2024-6055
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration fil...
CVE-2024-6055
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration fil...
CVE-2024-6055
Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration fil...
CVE-2024-27167
CVE-2024-27167 affects Toshiba printers that use Sendmail to send emails. The issue arises because Sendmail is used with several insecure directories, allowing a local attacker to inject a malicious Sendmail configuration file. Affected products/models/versions are referenced in the linked source...
Zyxel NAS Multiple Vulnerabilities
The Zyxel NAS is potentially affected by multiple vulnerabilities. - This command injection vulnerability in the 'setCookie' parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request. CVE-2024-29973 - Th...
CVE-2024-36471 Apache Allura: sensitive information exposure via DNS rebinding
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...