4651 matches found
The vulnerability of the D-Link DSL-2875AL router’s microprogramming software lies in the insufficient protection of registration data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the D-Link DSL-2875AL router’s microprogramming software is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using a specially created reques...
Design/Logic Flaw
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2020-2297
The CVE-2020-2297 entry concerns Jenkins SMS Notification Plugin versions 1.2 and earlier, where an access token is stored unencrypted in the global configuration file on the Jenkins controller. The file com.hoiio.jenkins.plugin.SMSNotification.xml can be viewed by users with filesystem access, e...
CVE-2020-2297
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2020-2291
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
Design/Logic Flaw
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
The vulnerability of the ev.ops configuration file of the JunOS Evolved operating system, which allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ev.ops configuration file in the JunOS Evolved operating system is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Path traversal
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with t...
CVE-2020-24219
CVE-2020-24219 affects URayTech IPTV/H.264/H.265 video encoders (up to v1.97). The vulnerability is a path traversal/pattern-matching flaw in unauthenticated HTTP handling that allows an attacker to read files from the device, including the configuration file containing the cleartext admin passwo...
CVE-2020-18185
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...
CVE-2020-18185
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...
CVE-2020-18185
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...
UBUNTU-CVE-2020-18185
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...
Code injection
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...
CVE-2020-18185
Removed by vendor...