Lucene search

4651 matches found

Ubuntu
added 2022/02/22 10:19 a.m. | 49 views

USN-5293-2: c3p0 vulnerability

USN-5293-1 fixed a vulnerability in c3p0. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could...

CVSS 7.5 | AI score 7 | EPSS 0.05508
Exploits: 1
OSV
added 2022/02/22 10:19 a.m. | 1 views

USN-5293-2 c3p0 vulnerability

USN-5293-1 fixed a vulnerability in c3p0. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could...

CVSS 7.5 | AI score 6.7 | EPSS 0.05508
Exploits: 1 | References: 2
Ubuntu
added 2022/02/21 3:55 p.m. | 147 views

USN-5293-1: c3p0 vulnerability

Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.05508
Exploits: 1
0day.today
added 2022/02/21 12:0 a.m. | 210 views

Dbltek GoIP - Local File Inclusion Vulnerability

Exploit Title: Dbltek GoIP - Local File Inclusion Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a VoIP-GSM gateway...

AI score 7.4
Exploits: 0
Packet Storm
added 2022/02/21 12:0 a.m. | 219 views

Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion

Exploit Title: Dbltek GoIP - Local File Inclusion Date: 20.02.2022 Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a...

AI score 7.4
Exploits: 0
Exploit DB
added 2022/02/21 12:0 a.m. | 246 views

Dbltek GoIP - Local File Inclusion

Exploit Title: Dbltek GoIP - Local File Inclusion Date: 20.02.2022 Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a...

AI score 7.4
Exploits: 0
OSV
added 2022/02/18 10:44 a.m. | 7 views

SUSE-SU-2022:0507-1 Security update for cobbler

This update for cobbler fixes the following issues: - CVE-2021-45083: Fixed unsafe permissions on sensitive files bsc1193671. The following non-security bugs were fixed: - Move configuration files ownership to apache bsc1195906...

CVSS 7.1 | AI score 7 | EPSS 0.0003
Exploits: 0 | References: 4
Zero Day Initiative
added 2022/02/15 12:0 a.m. | 69 views

(Pwn2Own) Lexmark MC3224i Web Configuration File Code Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation...

CVSS 8.8 | AI score 1.9 | EPSS 0.12844
Exploits: 0 | References: 1
CNNVD
added 2022/02/09 12:0 a.m. | 4 views

HYBBS default configuration issue vulnerability

HYBBS is a lightweight community forum program. A default configuration issue vulnerability exists in HYBBS, which stems from the product writing plugin-related configuration information to conf.php. An attacker can use this vulnerability to execute code on the Admin.php page. The following...

CVSS 9.8 | AI score 8.6 | EPSS 0.02953
Exploits: 1 | References: 2
OSV
added 2022/02/04 11:15 p.m. | 14 views

CVE-2022-0484

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce...

CVSS 8.8 | AI score 6.7
Exploits: 0 | References: 1
OPENSUSE Linux
added 2022/02/04 12:0 a.m. | 58 views

Security update for containerd, docker (moderate)

openSUSE Security Update: Security update for containerd, docker Announcement ID: openSUSE-SU-2022:0334-1 Rating: moderate References: 1191015 1191121 1191334 1191434 1193273 Cross-References: CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVSS scores: CVE-2021-41089 N...

CVSS 6.3 | AI score 7.1 | EPSS 0.04746
Exploits: 3 | References: 5
OSV
added 2022/01/28 8:15 p.m. | 1 views

CVE-2021-31567

Authenticated admin+ Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin versions = 4.4.6. The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadablefileurls0 parameter data. It's also...

CVSS 6.8 | AI score 5.9
Exploits: 0 | References: 3
Prion
added 2022/01/28 8:15 p.m. | 22 views

Design/Logic Flaw

A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious .gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 Build 683.003 and prior...

CVSS 6.8 | AI score 7.9 | EPSS 0.00515
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2022/01/28 8:15 p.m. | 17 views

Out-of-bounds

A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious .gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 Build 683.003 and prior...

CVSS 6.8 | AI score 7.8 | EPSS 0.00367
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2022/01/25 12:0 a.m. | 1 views

The vulnerability of the McAfee Agent antivirus software, related to privilege management errors, allows a hacker to elevate their privileges.

The vulnerability of the McAfee Agent antivirus software is related to privilege management errors. Exploiting this vulnerability can allow an attacker to enhance their privileges using a specially created openssl.cnf file...

CVSS 7.8 | AI score 7.2 | EPSS 0.00059
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2022/01/24 6:5 p.m. | 30 views

CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 5.5 | AI score 4 | EPSS 0.00016
Exploits: 0 | References: 4
Cvelist
added 2022/01/21 6:17 p.m. | 12 views

CVE-2022-23130

Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubish...

CVSS 5.9 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 3
CNVD
added 2022/01/21 12:0 a.m. | 28 views

F5 BIG-IP profile vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A configuration file vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial of service on t...

CVSS 5.3 | AI score 5.3 | EPSS 0.00628
Exploits: 0 | References: 1
Fedora
added 2022/01/19 1:54 a.m. | 26 views

[SECURITY] Fedora 34 Update: btrbk-0.31.3-1.fc34

Backup tool for btrfs sub-volumes, using a configuration file, allows creation of backups from multiple sources to multiple destinations, with ssh and flexible retention policy support hourly, daily, weekly, monthly...

CVSS 9.8 | AI score 1.4 | EPSS 0.00199
Exploits: 0
CNNVD
added 2022/01/19 12:0 a.m. | 3 views

F5 BIG-IP security vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A configuration file vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial of service on t...

CVSS 5.3 | AI score 5.7 | EPSS 0.00628
Exploits: 0 | References: 3