4651 matches found
Hikvision IP Camera - Backdoor Vulnerability
Exploit Title: Hikvision IP Camera - Backdoor
Exploit Author: Sobhan Mahmoodi
Reference: https://ipvm.com/reports/hik-exploit
GitHub: https://github.com/bp2008/HikPasswordHelper/
Hikvision included a magic string that allowed instant access to any camera, regardless of what the admin password was...
CVE-2022-27216
Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
Jenkins dbCharts Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins dbCharts Plugin is vulnerable to an information disclosure...
Aternity SteelCentral AppInternals has an unspecified vulnerability
Aternity SteelCentral AppInternals is a modern monitoring automation solution from Aternity USA, Inc. that provides Application Performance Monitoring (APM) and diagnostics. A security vulnerability exists in Aternity SteelCentral AppInternals, which stems from a configuration file that can map the...
CVE-2021-44750
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file which, when run by an administrator, can execute any commands...
Command injection
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debugcommand.config" file to store a JSON string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map t...
CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...
CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...
Design/Logic Flaw
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...
CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...
Aternity SteelCentral AppInternals Security Vulnerability
Aternity SteelCentral AppInternals is a modern monitoring automation solution from Aternity USA, Inc. that provides Application Performance Monitoring (APM) and diagnostics. A security vulnerability exists in Aternity SteelCentral AppInternals, which stems from a configuration file that can map the...
CVE-2021-42855
CVE-2021-42855 affects the SteelCentral AppInternals Dynamic Sampling Agent (DSA). The issue stems from a configuration file named .debug_command.config that stores a JSON string listing IDs and pre-configured commands. This file is read by the API endpoint /api/appInternals/1.0/agent/configurati...
CVE-2021-44750 Arbitrary Code Execution
An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file which, when run by an administrator, can execute any commands...
CVE-2021-3981
CVE-2021-3981 — GRUB2 grub.cfg permission issue. Affected: grub2 (2.06 and earlier). Root cause: configuration file grub.cfg created with insecure permissions, enabling non-privileged users to read contents (confidentiality impact). Impact: low severity per description; reads of encrypted passwo...
CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...
CVE-2022-24340
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible...
Code injection
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible...
CVE-2022-24340
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible...
CVE-2022-24340
CVE-2022-24340 (TeamCity) represents an XML External Entity (XXE) vulnerability in JetBrains TeamCity prior to 2021.2.1, triggered during parsing of configuration files. The issue could impact confidentiality, integrity, and availability to a high degree, as indicated by the CVSS data (high/criti...
GHSA-8WR4-2WM6-W3PR B2 Command Line Tool TOCTOU application key disclosure
Impact: Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys and bucket...