4651 matches found
CVE-2022-27313
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service DoS via deleting the configuration file...
Gitea 安全漏洞
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea version 1.16.3 that originates from a denial of service DoS via deletion of a configuration file. An attacker can exploit the vulnerability to delete arbitrary files...
Telesquare TLR-2005Ksh file download vulnerability
Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from Telesquare Korea. Telesquare TLR-2005Ksh version 1.0.0 is vulnerable to a file download vulnerability that stems from a lack of authentication strength. A remote attacker can exploit this vulnerability to be able to download the complete...
CVE-2022-28719
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code...
Authentication flaw
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code...
CVE-2022-28719
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code...
Cross site scripting
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
CVE-2021-46423
The CVE-2021-46423 entry concerns Telesquare TLR-2005KSH 1.0.0, affected by an unauthenticated file download vulnerability that lets a remote attacker download the full device configuration. Public sources in the connected documents confirm the issue stems from insufficient authentication, enabli...
Low: grub2
Issue Overview: A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted...
CVE-2022-24891 Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
Amazon Linux 2 : grub2 (ALAS-2022-1787)
The version of grub2 installed on the remote host is prior to 2.06-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1787 advisory. A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non...
CVE-2022-24891
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
CVE-2022-28218
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...
Design/Logic Flaw
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...
CVE-2022-28218
CipherMail Webmail Messenger versions 1.1.1–4.1.4 are affected by a local-attack vulnerability where secret keys stored in the Roundcube configuration file, used to protect Webmail user passwords and 2FA, can be accessed by an attacker with local access. This exposes confidentiality of credential...
HTML5 CWA configuration.js file is overwritten post the Storefront upgrade
The customized configuration.js file is overwritten under the path C:\Program Files\Citrix\Receiver Storefront\HTML5Client post Storefront upgrade...
CVE-2022-20732 Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...
CVE-2022-27179
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised...
Cross site scripting
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised...
CVE-2022-20732
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...