4651 matches found
CVE-2021-44833
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file...
Apache Log4j < 2.15.0 Remote Code Execution (Windows)
The version of Apache Log4j on the remote host is 2.x < 2.15.0. It is, therefore, affected by a remote code execution vulnerability in the JNDI parser due to improper log validation. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Log4j...
Design/Logic Flaw
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, o...
CVE-2021-20145
Gryphon Tower routers are affected by CVE-2021-20145 due to an unprotected OpenVPN configuration file. The root cause is configuration data left accessible, which can grant an attacker access to the Gryphon homebound VPN network and expose LAN interfaces of other users’ devices sharing the same s...
FortiNAC - improper permissions set for tomcat users configuration file
An incorrect permission assignment for a critical resource vulnerability (CWE-732) in FortiNAC may allow an authenticated attacker to access sensitive system data and, as a consequence, raise the authenticated user's privilege to admin...
Crafter CMS Security Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A security vulnerability exists in Crafter CMS, which stems from the possibility that an authenticated administrator could override the system configuration file. An attacker could exploit this...
CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...
SuiteCRM 7.11.18 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...
Siemens SIMATIC RTLS Locating Manager Sensitive Information Explicit Storage Vulnerability
SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS units, a real-time wireless positioning system that provides positioning solutions. A security vulnerability exists in Siemens SIMATIC RTLS Locating Manager, which stems from the fact that the application writes...
Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing
The plugin does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder. Click the "Log Monitor" available under Error Log Viewer menu item. Choose a log file to clear. Intercept the reques...
Schneider Electric Eurotherm by Schneider Electric GUIcon Buffer Error Vulnerability
Schneider Electric Eurotherm by Schneider Electric GUIcon is a graphical user interface programming software from Schneider Electric France. Schneider Electric GUIcon suffers from a buffer overflow vulnerability that originates when a malicious .gd1 configuration file is loaded into the GUIcon...
Schneider Electric Eurotherm by Schneider Electric GUIcon Buffer Error Vulnerability
Schneider Electric Eurotherm by Schneider Electric GUIcon is a suite of graphical user interface programming software from Schneider Electric France. Schneider Electric Eurotherm by Schneider Electric GUIcon suffers from a buffer error vulnerability that originates when a malicious .gd1...
[SECURITY] Fedora 35 Update: watchdog-5.16-2.fc35
The watchdog program can be used as a powerful software watchdog daemon or may be alternately used with a hardware watchdog device such as the IPMI hardware watchdog driver interface to a resident Baseboard Management Controller (BMC). watchdog periodically writes to /dev/watchdog; the interval...
[SECURITY] Fedora 34 Update: watchdog-5.16-2.fc34
The watchdog program can be used as a powerful software watchdog daemon or may be alternately used with a hardware watchdog device such as the IPMI hardware watchdog driver interface to a resident Baseboard Management Controller (BMC). watchdog periodically writes to /dev/watchdog; the interval...
[SECURITY] Fedora 33 Update: watchdog-5.16-2.fc33
The watchdog program can be used as a powerful software watchdog daemon or may be alternately used with a hardware watchdog device such as the IPMI hardware watchdog driver interface to a resident Baseboard Management Controller (BMC). watchdog periodically writes to /dev/watchdog; the interval...
CVE-2021-21744
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled...
Design/Logic Flaw
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled...