4651 matches found
Design/Logic Flaw
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10424
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10426
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10415
CVE-2019-10415 affects Jenkins Violation Comments to GitLab Plugin, version 2.28 and earlier. The root issue is that API tokens/credentials were stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling viewing by users with access to the master filesystem. Impa...
CVE-2019-10420
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-16867
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. If the attacker deletes config.php and visits install/index.php, they can reinstall the product...
A vulnerability in the firmware of Moxa ioLogik 2542-HSPA remote input/output modules and in the Moxa IOxpress Configuration Utility, related to the use of a weak cryptographic algorithm, allows an intruder to gain unauthorized access to protected data.
A vulnerability in the firmware of the Moxa ioLogik 2542-HSPA input/output module and in the Moxa IOxpress Configuration Utility lies in the use of a weak cryptographic algorithm for storing and transmitting passwords. Exploiting this vulnerability allows a remote attacker to gain...
A vulnerability in the firmware of Moxa MGate MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 devices arises from the unencrypted storage of confidential information, allowing attackers to gain unauthorized access to protected data.
A vulnerability in the firmware of Moxa MGate MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 devices lies in the unencrypted storage of confidential information. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to the protected...
A vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches lies in the use of a hard-coded cryptographic key in the configuration file. This allows an intruder to gain unauthorized access to protected information.
A vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches lies in the use of a hard-coded cryptographic key in the configuration file. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected...
SysAnalyzer - Automated Malcode Analysis System
SysAnalyzer is an open-source application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system. A full installer for the application is available and can be downloaded here. The application...
CVE-2019-10398
The CVE-2019-10398 entry concerns Jenkins Beaker Builder Plugin (versions ≤ 1.9). The vulnerability arises from credentials being stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling users with file-system access to view them. Impact is credential disclosur...
CVE-2019-1267
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'...
CVE-2019-16124
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...
Code injection
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...
CVE-2019-16124
CVE-2019-16124 affects YouPHPTube 7.4, where install/checkConfiguration.php lacks access control, allowing unauthorized edits to the configuration and potential insertion of malicious PHP code. This is the root cause described across multiple sources, with CVSSv3.1 and CVSSv2 metrics indicating c...
PT-2019-14526 · Youphptube · Youphptube
Name of the Vulnerable Software and Affected Versions: YouPHPTube version 7.4 Description: The issue arises from the lack of access control in the file install/checkConfiguration.php, allowing anyone to edit the configuration file and potentially insert malicious PHP code. Recommendations: For...
U.S. Dept Of Defense: Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak
A local file disclosure vulnerability was discovered on the █████ website https://████████.edu/. The vulnerability allowed an attacker to download the website's configuration file, which exposed the database credentials. Additionally, the source code for certain server-side resources was also...