4649 matches found
CVE-2017-7652
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...
CVE-2017-7652
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...
CVE-2017-7652
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...
CVE-2017-7652
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...
DEBIAN-CVE-2018-10245
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters...
MiniCMS Cross-Site Scripting Vulnerability
MiniCMS is a mini content management system CMS designed for personal websites. A cross-site scripting vulnerability exists in MiniCMS version 1.10. A remote attacker can exploit this vulnerability by sending the 'sitelink' parameter to the mc-admin/conf.php file to execute commands...
Mautic cross-site scripting vulnerability (CNVD-2018-08601)
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in versions of Mautic prior to 2.13.0. A remote attacker can exploit this vulnerability to inject arbitrary...
Privilege escalation
PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This fi...
Sophos Endpoint Protection Plaintext Password Disclosure Vulnerability
Sophos Endpoint Protection helps protect your workstation by adding prevention, detection and response technologies to your operating system. A plaintext password disclosure vulnerability exists in Sophos Endpoint Protection 10.7. The vulnerability arises because Sophos Endpoint Protection uses...
PMS 0.42 - Local Stack-Based Overflow (ROP)
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user supplied input while reading the configuration file and parsing the malicious...
PMS 0.42 - Local Stack-Based Overflow (ROP) Exploit
Exploit for linux platform in category local exploits Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user supplied input while readi...
osCommerce Installer Unauthenticated Code Execution
If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it. This module requires...
PMS 0.42 Stack-Based Buffer Overflow Exploit
Exploit for linux platform in category dos / poc Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer local module Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow The vulnerability is...
osCommerce 2.3.4.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on:...
osCommerce 2.3.4.1 Remote Code Execution
Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on: Linux, Windows If an Admin has not removed the /install/...
CVE-2018-5708
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response specifically, the configuration file restoredefault, which is...
MiniCMS Cross-Site Request Forgery Vulnerability
MiniCMS is a mini content management system CMS designed for personal websites. A cross-site request forgery vulnerability exists in the mc-admin/conf.php file in MiniCMS version 1.10. A remote attacker can exploit this vulnerability to change the password of the administrator account...
CVE-2018-1231
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH...
mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017)
It was discovered that the mysqldsafe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root...
Configuration file write vulnerability in ZZCMS version 8.2
zzcms is a free website builder developed in asp language. There is a configuration file writing vulnerability in the index.php file of zzcms version 8.2, which can be exploited by an attacker to write some configuration information into the configuration file to gain server privileges...