4651 matches found
CVE-2018-20936
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf SEC-308...
CVE-2019-1552
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...
Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in filesystem permissions that could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to...
Vulnerability in OpenSSL - Windows builds with insecure path defaults
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions...
CloudBees Jenkins Unauthorized Information Disclosure Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Dependency Graph Viewer Plugin is used in...
Arbitrary File Download Vulnerability in StarNet Ruijie Multimedia Conference System BMS
Fujian StarNet Ruijie Communication Co., Ltd. is an ICT application solution provider. An arbitrary file download vulnerability exists in the StarNet Ruijie Multimedia Conference System BMS. An attacker can exploit the vulnerability to download other files, such as a configuration file containing...
Unspecified Vulnerability in JetBrains IntelliJ IDEA Ultimate (CNVD-2019-24237)
JetBrains IntelliJ IDEA Ultimate is an integrated development environment for the Java language from the Czech company JetBrains. An unspecified security vulnerability exists in JetBrains IntelliJ IDEA Ultimate that originates from the program logging server credentials in plaintext to the IDE configuration file. ...
CVE-2019-4263
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015...
Design/Logic Flaw
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015...
PT-2019-11747 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted form in job config.xml files on the Jenkins master or controller. These credentials can be accessed by users with...
CVE-2019-1893 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...
Security Bulletin: IBM Content Navigator is affected by a local file inclusion vulnerability
Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4263 DESCRIPTION: IBM Content Navigator is vulnerable to local file inclusion vulnerability, allowing an attacker to access a configuration file in the ICN server. CVSS Base Score: 4.3 CV...
ABB HMI Hardcoded Credentials File Read Vulnerability
ABB PB610 is software from ABB Switzerland for designing graphical user interfaces for the CP600 control panel platform. A file read vulnerability exists in ABB HMI Hardcoded Credentials, which can be exploited by an attacker to read or write to the HMI configuration file and reset the device...
Ann Day honeynet capture: "use of the ElasticSearch Groovy vulnerability for Monero (Dog) mining" event analysis - vulnerability warning - the black bar safety net
1. Overview 2019 6 May 13, the Ann Day honeynet captured attacks using the CVE-2015-1427 ElasticSearch Groovy remote command execution vulnerability. The principle of the vulnerability is that Elasticsearch uses Groovy as a scripting language, with a sandbox mechanism based on blacklists and whitelists to...
Default configuration
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from...
CVE-2019-12572
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. On startup, the PIA Windows service (pia-service.exe) loads the OpenSSL library from...
URLextractor - Information Gathering and Website Reconnaissance
Information gathering & website reconnaissance Usage: ./extractor http://www.hackthissite.org/ Tips: Colorex: put colors to the output: pip install colorex and use it like ./extractor http://www.hackthissite.org/ | colorex -g "INFO" -r "ALERT" Tldextract: is used by dnsenumeration function pip insta...
CVE-2019-1627
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...