
4651 matches found

OSV
added 2020/03/10 5:15 p.m., 1 view

UBUNTU-CVE-2020-5253

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc), which could be exploited. This bug is patched in NetHack 3.6.0...

CVSS 9.8, AI score 5.8, EPSS 0.00207
Exploits 0, References 5
Debian CVE
added 2020/03/10 4:35 p.m., 15 views

CVE-2020-5253

NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc), which could be exploited. This bug is patched in NetHack 3.6.0...

CVSS 9.8, AI score 9.5, EPSS 0.00207
Exploits 0
NVD
added 2020/03/09 4:15 p.m., 14 views

CVE-2020-2154

Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system...

CVSS 5.5, AI score 5.5, EPSS 0.00011
Exploits 0, References 2
RedhatCVE
added 2020/03/09 8:10 a.m., 27 views

CVE-2020-1753

A security flaw was found in the Ansible Engine when managing Kubernetes using the k8s connection plugin. Sensitive parameters such as passwords and tokens are passed to the kubectl command line instead of using environment variables or an input configuration file, which is safer. This flaw...

CVSS 5.5, AI score 1.1, EPSS 0.00051
Exploits 1, References 3
CNVD
added 2020/03/09 12:0 a.m., 3 views

Wing FTP Server Local Elevation of Privilege Vulnerability

Wing FTP Server is an easy-to-use, secure and reliable FTP server software for Windows, Linux, Mac OS and Solaris. A local elevation of privilege vulnerability exists in Wing FTP Server 6.2.3. The vulnerability stems from Wing FTP Server setting insecure permissions on the installation directory...

CVSS 7.8, AI score 6.9, EPSS 0.03646
Exploits 6, References 1
Fedora
added 2020/03/06 2:26 a.m., 35 views

[SECURITY] Fedora 31 Update: sudo-1.9.0-0.1.b1.fc31

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

CVSS 7.8, AI score 2.2, EPSS 0.88008
Exploits 13
ICS
added 2020/02/25 12:0 a.m., 69 views

Moxa EDS-G516E and EDS-510E Series Ethernet Switches

1. EXECUTIVE SUMMARY. CVSS v3 9.8; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Moxa; Equipment: EDS-G516E series, and EDS-510E series; Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of...

CVSS 10, AI score 8.7, EPSS 0.00551
Exploits 0, References 5
Citrix
added 2020/02/25 12:0 a.m., 5 views

"Unable to access the Virtual machines configuration: Unable to access file"

Unable to create machines using XenDesktop Setup wizard and observe error: '0 device created, 1 failed '. Detailed error: "Unable to access the Virtual machines configuration: Unable to access file "...

AI score 7.1
Exploits 0
Packet Storm
added 2020/02/21 12:0 a.m., 136 views

D-Link DGS-1250 Header Injection

D-Link DGS-1250 header injection vulnerability. The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt Overview: D-Link DGS-1250 switch is susceptible to a header injection...

Exploits 0
NVD
added 2020/02/14 6:15 p.m., 8 views

CVE-2019-11215

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...

CVSS 8.1, AI score 8.2, EPSS 0.00463
Exploits 0, References 2
OSV
added 2020/02/14 6:15 p.m., 9 views

CVE-2019-11215

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...

CVSS 8.1, AI score 7.4
Exploits 0, References 2
Prion
added 2020/02/14 6:15 p.m., 13 views

Race condition

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...

CVSS 6.8, AI score 8.1, EPSS 0.00463
Exploits 0, References 2, Affected Software 1
Cvelist
added 2020/02/14 5:31 p.m., 9 views

CVE-2019-11215

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...

AI score 8.2, EPSS 0.00463
Exploits 0, References 2
CVE
added 2020/02/14 5:31 p.m., 114 views

CVE-2019-11215

CVE-2019-11215 affects Combodo iTop versions 2.2.0–2.6.0. If the configuration file is writable, an attacker can achieve arbitrary code execution by sending a crafted payload to the ajax.dataloader API. The condition for writability can arise during installation, upgrade, a web-interface write er...

CVSS 8.1, AI score 8.1, EPSS 0.00463
Exploits 0, References 2, Affected Software 1
NVD
added 2020/02/12 3:15 p.m., 19 views

CVE-2020-2129

Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...

CVSS 6.5, AI score 6.5, EPSS 0.00047
Exploits 0, References 2
OSV
added 2020/02/12 3:15 p.m., 12 views

CVE-2020-2130

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...

CVSS 6.5, AI score 6.8
Exploits 0, References 2
NVD
added 2020/02/12 3:15 p.m., 11 views

CVE-2020-2130

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...

CVSS 6.5, AI score 6.5, EPSS 0.00047
Exploits 0, References 2
OSV
added 2020/02/12 3:15 p.m., 9 views

CVE-2020-2125

Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...

CVSS 4.3, AI score 6.6
Exploits 0, References 2
Prion
added 2020/02/12 3:15 p.m., 18 views

Design/Logic Flaw

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...

CVSS 4, AI score 6.4, EPSS 0.00047
Exploits 0, References 2, Affected Software 1
Cvelist
added 2020/02/12 2:35 p.m., 17 views

CVE-2020-2130

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...

AI score 6.5, EPSS 0.00047
Exploits 0, References 2