4651 matches found
CVE-2020-11560
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file...
Design/Logic Flaw
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file...
PT-2020-12693 · Nch · Express Invoice
Name of the Vulnerable Software and Affected Versions: NCH Express Invoice version 7.25. Description: The issue allows local users to discover the cleartext password by reading the configuration file. Recommendations: For version 7.25, consider restricting access to the configuration file to...
CVE-2020-11560
CVE-2020-11560 affects NCH Express Invoice 7.25. Local users can read the application’s configuration file to obtain cleartext passwords, enabling potential account takeover. Root cause: credentials stored in plaintext in the configuration/files under the Express Invoice data path. Exploitation d...
CVE-2020-11107
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-control.ini for all users, including admins, to enable arbitrary command execution...
CVE-2020-2164
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
PT-2020-2658 · Jenkins · Jenkins Artifactory Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Artifactory Plugin versions 3.5.0 and earlier. Description: The issue is related to the storage of the Artifactory server password in plain text in the global configuration file. This allows users with access to the Jenkins master file...
CVE-2020-6581
A flaw was found in nrpe. A command injection is possible due to insufficient filtering. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: Disable nasty_metachars and dont_blame_nrpe option inside the NRPE configuration fil...
NetHack Elevation of Privilege Vulnerability
NetHack is a role-playing single-player game. A security vulnerability exists in NetHack versions prior to 3.6.0. An attacker can exploit this vulnerability to maliciously escape characters in a configuration file and thus elevate privileges...
CloudBees Jenkins Zephyr for JIRA Test Management Plugin Information Disclosure Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Zephyr for JIRA Test Management Plugin is used...
Cross-site request forgery (CSRF)
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file...
EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2020-1221)
According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an...
SAP NetWeaver Application Server Java Code Issue Vulnerability (CNVD-2020-19952)
SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A code issue vulnerability exists in SAP NetWeaver Application Server Java where the program does no...
CVE-2019-9104
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext...
Design/Logic Flaw
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext...
CVE-2020-5253
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc), which could be exploited. This bug is patched in NetHack 3.6.0...