4651 matches found

IBM Security Bulletins
added 2020/05/01 8:48 a.m. | 21 views

Security Bulletin: GSKit certificate chain vulnerability in Rational DOORS (CVE-2013-6747)

Summary: A vulnerability has been identified in the GSKit component that is utilized by IBM Rational DOORS. A malformed certificate chain can cause the Rational DOORS client application or server process that uses GSKit to hang or crash. Remediation for the issue consists of upgrading Rational DOO...

CVSS: 7.1 | AI score: 0.2 | EPSS: 0.02767
Exploits: 1 | Affected Software: 1
NVD
added 2020/04/27 3:15 p.m. | 26 views

CVE-2020-1807

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188C00E74R3P8 have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series...

CVSS: 3.6 | AI score: 3.9 | EPSS: 0.00026
Exploits: 0 | References: 1
OSV
added 2020/04/27 3:15 p.m. | 1 views

CVE-2020-1807

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188C00E74R3P8 have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series...

CVSS: 3.5 | AI score: 5.8 | EPSS: 0.00026
Exploits: 0 | References: 1
Prion
added 2020/04/27 3:15 p.m. | 14 views

Authorization

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188C00E74R3P8 have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series...

CVSS: 3.6 | AI score: 4 | EPSS: 0.00026
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/04/27 2:31 p.m. | 18 views

CVE-2020-1807

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188C00E74R3P8 have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series...

AI score: 4 | EPSS: 0.00026
Exploits: 0 | References: 1
CNVD
added 2020/04/21 12:0 a.m. | 2 views

Command Execution Vulnerability in Hisiphp V2.0.10

HisiPHP is a free, open source web framework built on ThinkPHP5 + Layui. Hisiphp V2.0.10 has a command execution vulnerability: an attacker can exploit the vulnerability to write a configuration file, and the configuration file contains , execute commands...

AI score: 7.5
Exploits: 0
0day.today
added 2020/04/21 12:0 a.m. | 48 views

Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit

Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00126
Exploits: 8
CNVD
added 2020/04/16 12:0 a.m. | 5 views

MikroTik WinBox Information Disclosure Vulnerability

MikroTik WinBox is a utility program for managing MikroTik RouterOS systems from MikroTik Latvia. A security vulnerability exists in MikroTik WinBox version 3.22 and earlier, which stems from the program storing user plaintext passwords in the settings.cfg.viw configuration file. An attacker can...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00101
Exploits: 1 | References: 1
NVD
added 2020/04/15 9:15 p.m. | 13 views

CVE-2020-5721

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuratio...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00101
Exploits: 1 | References: 1
Prion
added 2020/04/15 9:15 p.m. | 20 views

Default credentials

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuratio...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00101
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/04/15 8:50 p.m. | 18 views

CVE-2020-5721

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuratio...

AI score: 5.7 | EPSS: 0.00101
Exploits: 1 | References: 1
CVE
added 2020/04/15 8:50 p.m. | 60 views

CVE-2020-5721

MikroTik WinBox 3.22 and earlier stores the user’s cleartext password in settings.cfg.viw when Keep Password is enabled and no Master Password is set. By default Keep Password is on and Master Password is not set, so an attacker with access to the configuration file can extract usernames and pass...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00101
Exploits: 1 | References: 1 | Affected Software: 1
Veracode
added 2020/04/10 1:8 a.m. | 20 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists as it was found that the perf tool, a part of the Linux kernel's Performance Events implementation, could load its configuration file from the current working directory. If a local user with access to the perf tool were tricke...

CVSS: 6.2 | AI score: 2.9 | EPSS: 0.00228
Exploits: 1 | References: 9 | Affected Software: 1
Veracode
added 2020/04/10 12:48 a.m. | 29 views

Arbitrary Code Execution

sudo is vulnerable to arbitrary code execution. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignoredot option in the "/etc/sudoers" configuration file. This ability introduced a regression in the upstream fix for...

CVSS: 6.9 | AI score: 2.3 | EPSS: 0.0076
Exploits: 3 | References: 30 | Affected Software: 1
Veracode
added 2020/04/10 12:31 a.m. | 22 views

Privilege Escalation

sudo is vulnerable to privilege escalation. The vulnerability exists as a flaw was discovered in a way sudo handled group specifications in "run as" lists in the sudoers configuration file. If sudo configuration allowed a user to run commands as any user of some group and the user was also a memb...

CVSS: 7.8 | AI score: 2.6 | EPSS: 0.00049
Exploits: 1 | References: 23 | Affected Software: 1
Prion
added 2020/04/08 8:15 p.m. | 10 views

Design/Logic Flaw

A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1...

CVSS: 2.1 | AI score: 5.3 | EPSS: 0.00053
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2020/04/08 12:0 a.m. | 2 views

Unspecified Vulnerability in NCH Software Express Invoice

NCH Software Express Invoice is an inventory system from NCH Software Australia. The system is mainly used for invoice management, etc. A security vulnerability exists in NCH Software Express Invoice version 7.25, which stems from the program storing passwords in plaintext form. This vulnerabilit...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.02043
Exploits: 3 | References: 1
OpenVAS
added 2020/04/08 12:0 a.m. | 6 views

ZSQL: Default Listening Port

Change the listening port from the default 1611 to another value, protecting the database from malicious clients. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

AI score: 7.3
Exploits: 0 | References: 1
OpenVAS
added 2020/04/08 12:0 a.m. | 4 views

ZSQL: Maximum Number of Connections

If the maximum number of online connections is set to a large value, the required process socket handles and session pool memory may exceed the OS limit on the server. - Value: The minimum value to be compliant. - Maximum: The maximum value to be compliant. SPDX-FileCopyrightText: 2020 Greenbone ...

AI score: 7.2
Exploits: 0 | References: 1
NVD
added 2020/04/07 5:15 p.m. | 9 views

CVE-2020-11560

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.02043
Exploits: 3 | References: 3