Lucene search

4651 matches found

Vulnrichment
added 2022/09/21 3:46 p.m. | 5 views

CVE-2022-41247

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

AI score 6.6 | EPSS 0.00292
Exploits: 0 | References: 1
Vulnrichment
added 2022/09/21 3:45 p.m. | 3 views

CVE-2022-41231

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint...

AI score 6.5 | EPSS 0.00068
Exploits: 0 | References: 1
Fedora
added 2022/09/21 1:13 a.m. | 39 views

[SECURITY] Fedora 36 Update: libconfuse-3.3-7.fc36

libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values strings, integers, floats, booleans or other sections, as well as some other features such as single/double-quoted strings, environment variab...

CVSS 8.8 | AI score 2.3 | EPSS 0.00513
Exploits: 1
OpenVAS
added 2022/09/16 12:0 a.m. | 12 views

Fedora: Security Advisory for libconfuse (FEDORA-2022-645dc53ee2)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 8.8 | EPSS 0.00513
Exploits: 1 | References: 2
Cvelist
added 2022/09/14 5:5 p.m. | 12 views

CVE-2022-1778 A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy...

CVSS 7.5 | AI score 7.6 | EPSS 0.00201
Exploits: 0 | References: 1
Tenable Nessus
added 2022/09/14 12:0 a.m. | 35 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-2311)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...

CVSS 7.5 | AI score 7.3 | EPSS 0.04746
Exploits: 3 | References: 4
BDU FSTEC
added 2022/09/07 12:0 a.m. | 1 views

The vulnerability of the GetValue function in the microprogramming software for LinkHub Mesh Wi-Fi AC1200 allows a hacker to execute arbitrary code.

The vulnerability of the GetValue function in the microprogramming software for LinkHub Mesh Wi-Fi AC1200 lies in the copying of buffers without checking the size of the input data during the processing of the confcli file. Exploiting this vulnerability allows a remote attacker to execute arbitra...

CVSS 9.6 | AI score 8.1 | EPSS 0.00459
Exploits: 1 | References: 6
Metasploit
added 2022/09/01 7:50 p.m. | 193 views

ManageEngine DataSecurity Plus Xnode Enumeration

This module exploits default admin credentials for the DataEngine Xnode server in DataSecurity Plus versions prior to 6.0.1 (6011) in order to dump the contents of Xnode data repositories (tables), which may contain a limited amount of Active Directory information including domain names, host names,...

CVSS 10 | AI score 9.1 | EPSS 0.89808
Exploits: 7
Metasploit
added 2022/09/01 7:50 p.m. | 201 views

ManageEngine ADAudit Plus Xnode Enumeration

This module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order to dump the contents of Xnode data repositories (tables), which may contain a limited amount of Active Directory information including domain names, host names,...

CVSS 10 | AI score 9.1 | EPSS 0.89808
Exploits: 7
CNNVD
added 2022/09/01 12:0 a.m. | 2 views

novel-plus Trust Management Issue Vulnerability

novel-plus 小说精品屋-plus is a multiterminal PC, WAP reading, full-featured original literature CMS system. A security vulnerability exists in novel-plus version v3.6.2, which stems from the inclusion of a hard-coded JWT key located in the project configuration file, which allows an attacker to creat...

CVSS 9.8 | AI score 7.2 | EPSS 0.00296
Exploits: 1 | References: 2
Metasploit
added 2022/08/29 6:2 p.m. | 148 views

Cisco PVC2300 POE Video Camera configuration download

This module exploits an information disclosure vulnerability in Cisco PVC2300 cameras in order to download the configuration file containing the admin credentials for the web interface. The module first performs a basic check to see if the target is likely Cisco PVC2300. If so, the module attempt...

AI score 5.8
Exploits: 0
CNNVD
added 2022/08/29 12:0 a.m. | 2 views

Seiko Solutions SkyBridge MB-A100/A110 Trust Management Issue Vulnerability

The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which originates from a hard-coded password implemented for the root account and can be exploit...

CVSS 9.8 | AI score 6.9 | EPSS 0.00456
Exploits: 0 | References: 3
Github Security Blog
added 2022/08/24 12:0 a.m. | 30 views

RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.3 | EPSS 0.00465
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/08/23 5:15 p.m. | 20 views

CVE-2022-38665

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.5
Exploits: 0 | References: 2
CVE
added 2022/08/23 4:45 p.m. | 93 views

CVE-2022-38665

CVE-2022-38665 applies to Jenkins CollabNet Plugins Plugin 2.0.8 and earlier, where the RabbitMQ password is stored unencrypted in the plugin’s global configuration file on the Jenkins controller. This allows users with filesystem access to view the password. Red Hat, OSV, and Nessus records corr...

CVSS 6.5 | AI score 6.3 | EPSS 0.00465
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/08/23 2:15 a.m. | 1 views

CVE-2020-35992

Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This woul...

CVSS 6.5 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 2
Prion
added 2022/08/23 2:15 a.m. | 12 views

Design/Logic Flaw

Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This woul...

CVSS 4 | AI score 6.7 | EPSS 0.00214
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2022/08/18 1:15 p.m. | 2 views

CVE-2022-37025

An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary...

CVSS 7.8 | AI score 7.5 | EPSS 0.00043
Exploits: 0 | References: 4
Cvelist
added 2022/08/18 12:23 p.m. | 21 views

CVE-2022-37025

An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary...

AI score 8 | EPSS 0.00043
Exploits: 0 | References: 3
OpenVAS
added 2022/08/18 12:0 a.m. | 30 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2218)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.1 | EPSS 0.04746
Exploits: 3 | References: 2