4651 matches found
Configobj -- Regular Expression Denial of Service attack
[email protected] reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?..Note: This is only exploitable in the case of a developer putting the offending value in a server side configuration file...
CVE-2023-1773
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been...
CVE-2023-1773
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been...
Code injection
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been...
CVE-2023-1773
RockOA Rockoa 2.3.2 is affected by a code injection vulnerability in the Configuration File Handler, specifically the webmainConfig.php file. The underlying issue is unauthorized code execution triggered via the webmainConfig.php component, with remote exploitation possible and public disclosure ...
RockOA 代码注入漏洞
RockOA Xinhuo is an open source office OA system. RockOA 2.3.2 version of a security vulnerability , the vulnerability stems from the component Configuration File Handler file webmainConfig.php there is unknown code , resulting in code injection...
PT-2023-17233 · Rockoa · Rockoa
Name of the Vulnerable Software and Affected Versions: Rockoa version 2.3.2 Description: A critical issue has been found in the Configuration File Handler component, specifically affecting the webmainConfig.php file. This issue leads to code injection and can be initiated remotely. The exploit fo...
Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive password information if a manual edit of the agentrelay.properties file. (CVE-2022-43877)
Summary After a local edit of an agentrelay.properties configuration file using a plain text value, the value may not automatically be encrypted as expected after restarting the service. Vulnerability Details CVEID:CVE-2022-43877 DESCRIPTION: IBM UrbanCode Deploy UCD could disclose sensitive...
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 are vulnerable to an SQL injection attack when using the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin, certain parameters are required to establish a connection schema, database, and table are not...
DSL-124 Wireless N300 ADSL2+ Backup Disclosure
Exploit Title: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure Date: 2022-11-10 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=dU1iNFc4cWRsdUpjWEpETFlSeFlZdz09 Firmware Version: ME1.00 Tested on:...
CVE-2022-43619
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Delta Electronics InfraSuite Device Master Access Control Error Vulnerability
Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. An Access Control Error vulnerability exists in Delta Electronics InfraSuite Device Master prior to version 1.0.5, which can be exploited by an attacker to retriev...
SuperMailer v11.20 - Buffer overflow DoS Vulnerability
Exploit Title: SuperMailer v11.20 - Buffer overflow DoS Exploit Author: Rafael Pedrero Vendor Homepage: https://int.supermailer.de/downloadnewslettersoftware.htm Software Link : https://int.supermailer.de/smintsw.zip / https://int.supermailer.de/smintswx64.zip Tested Version: v11.20 32bit/64bit...
Delta Electronics InfraSuite Device Master 安全漏洞
Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. An Access Control Error vulnerability exists in Delta Electronics InfraSuite Device Master prior to version 1.0.5, which can be exploited by an attacker to retriev...
CVE-2023-28442 Geoserver for GeoNode sensitive information leak
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the /geoserver/rest/about/status...
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
Design/Logic Flaw
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
CVE-2023-27224
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file...
Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2023-020)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-020 advisory. A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows an attacker to corrupt the data on the heap portion of the grub2's...