CVE-2019-16543

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-16543

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

Stack overflow

Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute...

CVE-2014-5439

Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute...

CVE-2014-5439

SniffIt before 0.3.7 contains multiple stack-based buffer overflow vulnerabilities triggered by crafted configuration files, allowing arbitrary code execution (as reported across NVD/OSV/Ubuntu/Debian advisories). The issue bypasses NX/SSP/ASLR protections and is documented in multiple feeds (NVD...

CVE-2014-5439

Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute...

CVE-2014-5439

Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute...

CVE-2011-2916

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions...

Design/Logic Flaw

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions...

CVE-2011-2916

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions...

CVE-2011-2916

CVE-2011-2916 affects qtnx 0.9, where non-custom SSH keys are stored in a world-readable configuration file. The underlying issue is that if a user has a world-readable or world-executable home directory, another local user could obtain the private key used to connect to remote NX sessions. Docum...

CVE-2011-2916

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions...

FileOptimizer 14.00.2524 - Denial of Service (PoC)

FileOptimizer 14.00.2524 - Denial of Service PoC Exploit Title: FileOptimizer 14.00.2524 - Denial of Service PoC Date: 2019-11-04 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: https://sourceforge.net/projects/nikkhokkho/ Software Link:...

WECON PIStudio basedll TextContent Stack-based Buffer Overflow

A stack-based overflow exists in Wecon PIStudio. This vulnerability is due to input validation error when processing TextContent attributed in a HSC configuration file. A remote attacker could exploit these vulnerabilities by enticing a user to visit a malicious web page or open a crafted documen...

Mitsubishi Electric smartRTU and Inea ME-RTU Information Disclosure Vulnerability

Mitsubishi Electric smartRTU is an intelligent Remote Terminal Unit RTU from Mitsubishi Electric, Japan.Inea ME-RTU is an intelligent communication gateway product from Inea, Slovenia. A security vulnerability exists in Mitsubishi Electric smartRTU version 2.02 and earlier and INEA ME-RTU version...

File Read Vulnerability in HadSky Light Forums

adSky Light Forum is a newborn original PHP MySQL open source system , the main goal is to achieve light , fast , simple , full , 100% original open source system , which now covers PC, mobile, IOS and Android APP and WeChat applet . HadSky Light Forum file reading vulnerability , attackers can u...

Sandbox Restrictions Bypass

samba is vulnerable to sandbox restrictions bypass. A combination of parameters and permissions set in the samba configuration file can allow the user to escape from the share path definition...

CVE-2019-14927

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file which contains data such as usernames,...

Design/Logic Flaw

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and othe...

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-10197)

Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote attacker to bypass security restrictions and gain access to the contents of directories outside of the share. Vulnerability Details In IBM Spectrum Scale by default wide links are forced ...