4651 matches found
Design/Logic Flaw
A vulnerability in the Server Utilities of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient...
CVE-2019-1627
CVE-2019-1627 : Cisco Integrated Management Controller (IMC) Server Utilities contain an information-disclosure vulnerability where an authenticated, remote attacker could download the configuration file due to insufficient protection of data in the configuration data. This could expose sensitive...
CVE-2018-19146
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...
Design/Logic Flaw
Concrete5 8.4.3 has XSS because config/concrete.php allows uploads by administrators of SVG files that may contain HTML data with a SCRIPT element...
CVE-2019-2257
Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W,...
Design/Logic Flaw
Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W,...
CVE-2019-2257
CVE-2019-2257 involves wrong permissions in a configuration file, enabling unauthorized permissions on numerous Qualcomm Snapdragon platforms. Affected families include Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables, and related configurations a...
CVE-2019-10329
Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Schneider Electric Altivar ATV61HC80Y387 Variable Speed Drive
Binary data 763992.prm...
Unauthorised Access
Mozilla Thunderbird is vulnerable to unauthorised access. Proxy Auto-Configuration file can define localhost access to be proxied...
Rockwell Automation Ultra 100 0.5kW 1398-DDM-005-DN
Binary data 753777.prm...
Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration PAC file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...
Fedora Update for mingw-libconfuse FEDORA-2019-9ccbbfeae1
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
NSClient++ 0.5.2.35 Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Tested on: Windows 10 x64 Details: When...
NSClient++ 0.5.2.35 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Tested on: Windows 10 x64 Details: When...
Information Disclosure
EAP is vulnerable to information disclosure attacks. An attacker could manipulate the component, Configuration File Handler with an unknown input which leads to partially modify data and disclosure of information...
Elevation Of Privileges By An Untrusted Search Path Vulnerability
Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the...
Privilege Escalation
OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...
CVE-2019-10318
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system...
CVE-2019-10316
Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...