4649 matches found
Privilege escalation
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges...
Privilege escalation
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges...
CVE-2018-4010
CVE-2018-4010 affects ProtonVPN VPN Client 1.5.1. A vulnerability in the connect flow allows a specially crafted OpenVPN configuration to trigger a privilege escalation, enabling code execution with system privileges. The root cause involves how OpenVPN configuration lines (e.g., plugin, script-s...
NordVPN VPN client connect privilege escalation vulnerability
Summary An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. Tested Versions NordVPN 6.14.28.0 Product...
ProtonVPN VPN client connect privilege escalation vulnerability
Summary An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system’s privileges. Tested Versions...
PT-2018-1554 · Nordvpn · Nordvpn
Name of the Vulnerable Software and Affected Versions: NordVPN version 6.14.28.0 Description: The issue is caused by the failure to neutralize special elements used in an operating system command. Exploitation of this issue can allow an attacker to execute arbitrary commands or code with SYSTEM...
The vulnerability of the SettingContent-MS mechanism in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the SettingContent-MS mechanism in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted configuration file...
Updated quazip packages fix security vulnerability
Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar,x...
SIPP 3.3 - Stack-Based Buffer Overflow
SIPP 3.3 - Stack-Based Buffer Overflow Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user suppliedinput while reading the...
SIPP 3.3 - Stack-Based Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user suppliedinput while reading the configuration file and parsing the malicious...
SIPP 3.3 Stack-Based Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user supplied input while reading the configuration file and parsing the malicious...
CVE-2018-15699
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...
Design/Logic Flaw
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field...
CVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=comjoomanager&controller=details&task=download&path=configuration.php request...
Debian: Security Advisory (DLA-1470-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-201808-03 : NetworkManager VPNC plugin: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201808-03 NetworkManager VPNC plugin: Privilege escalation When initiating a VPNC connection, NetworkManager spawns a new vpnc process and passes the configuration via STDIN. By injecting a special character into a configuration...
Debian DLA-1470-1 : confuse security update
An out of bound read was discoverd in libConfuse, a configuration file parser library. CVE-2018-14447 An out of bound read in trimwhitespace, fixed thanks to Sebastian Roland . For Debian 8 'Jessie', this problem has been fixed in version 2.7-5+deb8u1. We recommend that you upgrade your confuse...
Uber: [experience.uber.com] Node.js source code disclosure & anonymous access to internal Uber documents, templates and tools
A configuration file on experience.uber.com exposed details for the server configuration as well as information about the content hosted on the site. The site itself did require authentication to log in, but this config file was publicly accessible. Other accessible URLs included slide deck...
Jenkins 配置文件路径改动导致管理员权限开放漏洞(CVE-2018-1999001)
CVE-2018-1999001 为配置文件路径改动漏洞。远程且未经授权的攻击者可以通过构造恶意登录凭证,从 Jenkins 主目录下移除 config.xml 配置文件到其他目录,从而导致 Jenkins 服务下次重启时退回 legacy 模式,对匿名用户也会开放管理员权限,如下图所示: CVE-2018-1999001 漏洞利用的条件是需要等待 Jenkins 服务的重启。...
CVE-2018-8851
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface...