CVE-2018-8851
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface...
PHP Cloud Talent System (phpyun) has a code execution vulnerability
PHP Cloud Talent System (phpyun) is an open source recruitment and job-search solution for job seekers and enterprises, built on PHP and a MySQL database. A code execution vulnerability exists in PHP Cloud Talent System (phpyun). The vulnerability is due to the configuration file writing process...
Code injection
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...
DEBIAN-CVE-2018-10875
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...
ALPINE-CVE-2018-10875
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code...
ansible: ansible.cfg is being read from current working directory allowing possible code execution
It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code...
NuCom NC-WR644GACV File Download Vulnerability
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions...
NuCom NC-WR644GACV Unauthenticated Configuration File Download Vulnerability
NuCom NC-WR644GACV devices with software versions STA 005 and below suffer from a configuration file download vulnerability that allows extraction of the administrative credentials. Overview: Researchers at the NVEL4 Cybersecurity company have discovered that it is possible to access the confi...
NuCom NC-WR644GACV Unauthenticated Configuration File Download
Overview: Researchers at the NVEL4 Cybersecurity company have discovered that it is possible to access the config file, bypassing admin authentication and authorization. The vulnerability has been reported to the vendor. The vendor has confirmed the vulnerability but not issued to security...
DEBIAN-CVE-2018-12895
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...
CVE-2018-8755
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device...
Design/Logic Flaw
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device...
CVE-2018-8755
The CVE-2018-8755 issue affects NuCom NC-WR644GACV routers with firmware STA 005 and earlier, where an unauthenticated attacker can download the device configuration file, exposing admin credentials, WPA keys, and other config data. Root cause is an authentication/authorization bypass that allows...
sssd and ding-libs security and bug fix update
ding-libs 0.4.0-13 - Resolves: rhbz1538061 - sssd/libiniconfig cannot parse configuration file with line longer than 5102 0.4.0-12 - Related: rhbz1377213 - ding-libs dont parse lines without an equal sign sssd 1.13.3-60.0.1 - Orabug 26746822 - revert patch 0118 to fix LDAP netgroup lookup problem...
Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware
Security researchers have been warning of a new trick that cybercriminals are using to hide malicious code designed to reintroduce an infection that steals confidential information from Magento-based e-commerce websites. So, if you have already cleaned up your hacked Magento...
CVE-2018-9022
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file...
Authentication flaw
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file...
CVE-2018-9022
CVE-2018-9022 affects Broadcom CA Privileged Access Manager version 2.8.2 and earlier. The vulnerability is an authentication bypass that allows a remote attacker to execute arbitrary code or commands by poisoning a configuration file. Public references document this as a remote command exe...