
4651 matches found

BDU FSTEC
added 2023/05/24 12:0 a.m., 2 views

A vulnerability in the firmware of the D-Link DIR-809 A1 and D-Link DIR-809 A2 lies in the lack of authentication procedures. This allows attackers to circumvent existing security restrictions and download the configuration file.

A vulnerability in the firmware of the D-Link DIR-809 A1 and D-Link DIR-809 A2 is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and download the configuration file remotely...

CVSS 7.8, AI score 7.2, EPSS 0.00289
Exploits: 0, References: 3, Affected Software: 3

RedHat Linux
added 2023/05/23 2:47 p.m., 3 views

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

CVSS 7.8, AI score 7.3, EPSS 0.00536
Exploits: 2, References: 4

RedHat Linux
added 2023/05/23 9:25 a.m., 3 views

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

CVSS 7.8, AI score 7.3, EPSS 0.00536
Exploits: 2, References: 4

CNNVD
added 2023/05/23 12:0 a.m., 3 views

Piwigo SQL injection vulnerability

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version 13.6.0, which stems from a problem with the configuration file functionality and can...

CVSS 9.8, AI score 8.5, EPSS 0.04829
Exploits: 3, References: 4

RedHat Linux
added 2023/05/22 7:12 a.m., 2 views

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

CVSS 7.8, AI score 7.3, EPSS 0.00536
Exploits: 2, References: 4

RedHat Linux
added 2023/05/22 7:11 a.m., 4 views

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

CVSS 7.8, AI score 7.3, EPSS 0.00536
Exploits: 2, References: 4

RedHat Linux
added 2023/05/22 7:8 a.m., 2 views

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

CVSS 7.8, AI score 7.3, EPSS 0.00536
Exploits: 2, References: 4

NVD
added 2023/05/18 1:15 p.m., 12 views

CVE-2023-2790

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255B20211224. Affected is an unknown function of the file /squashfs-root/etcro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the...

CVSS 5.5, AI score 4.2, EPSS 0.00089
Exploits: 1, References: 3

Prion
added 2023/05/18 1:15 p.m., 15 views

Hardcoded credentials

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255B20211224. Affected is an unknown function of the file /squashfs-root/etcro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the...

CVSS 1.4, AI score 5.4, EPSS 0.00089
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2023/05/18 12:31 p.m., 17 views

CVE-2023-2790 TOTOLINK N200RE Telnet Service custom.conf password in configuration file

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255B20211224. Affected is an unknown function of the file /squashfs-root/etcro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the...

CVSS 2.3, AI score 5.8, EPSS 0.00089
Exploits: 1, References: 3

Fedora
added 2023/05/18 12:50 a.m., 17 views

[SECURITY] Fedora 37 Update: rust-sequoia-policy-config-0.6.0-3.fc37

Configure Sequoia using a configuration file...

CVSS 7.5, AI score 7, EPSS 0.00318
Exploits: 1

NVD
added 2023/05/16 6:15 p.m., 17 views

CVE-2023-2632

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 4.6, EPSS 0.00246
Exploits: 0, References: 1

NVD
added 2023/05/16 5:15 a.m., 9 views

CVE-2023-2161

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user...

CVSS 5.5, AI score 5, EPSS 0.00087
Exploits: 0, References: 1

OSV
added 2023/05/16 5:15 a.m., 0 views

CVE-2023-2161

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user...

CVSS 5.5, AI score 6.1
Exploits: 0, References: 1

Prion
added 2023/05/16 5:15 a.m., 10 views

XXE

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user...

CVSS 1.7, AI score 5.2, EPSS 0.00087
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/05/16 4:31 a.m., 7 views

CVE-2023-2161

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user...

CVSS 5, AI score 5.3, EPSS 0.00087
Exploits: 0, References: 1

CNNVD
added 2023/05/12 12:0 a.m., 2 views

Teltonika RUT router security vulnerability

Teltonika RUT router is a series of industrial routers. A security vulnerability exists in Teltonika RUT router versions 00.07.00 through 00.07.03.4, which stems from variables used for authentication checks being stored in an external configuration file. An attacker could exploit the vulnerabili...

CVSS 8.8, AI score 8.7, EPSS 0.001
Exploits: 0, References: 3

NVD
added 2023/05/11 11:15 a.m., 19 views

CVE-2023-31473

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to injec...

CVSS 4.9, AI score 5.5, EPSS 0.02538
Exploits: 1, References: 2

Cvelist
added 2023/05/11 12:0 a.m., 24 views

CVE-2023-31473

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to injec...

AI score 5.8, EPSS 0.02538
Exploits: 1, References: 2

NVD
added 2023/05/10 8:15 p.m., 8 views

CVE-2023-31162

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more...

CVSS 4.8, AI score 4.9, EPSS 0.00135
Exploits: 0, References: 2