4648 matches found
CVE-2017-8139
HedEx Earlier than V200R006C00 versions have the stored cross-site scripting XSS vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users...
CVE-2017-8139
CVE-2017-8139 affects Huawei HedEx/HedEx Lite prior to V200R006C00. The vulnerability is a stored cross-site scripting (XSS) flaw in the configuration file, enabling an attacker to embed malicious scripts and disrupt legitimate users’ services. Descriptions consistently indicate the issue resides...
Livebox File Upload Vulnerability
Livebox is a multifunctional ADSL modem. This product provides telephony, Internet access and TV playback. A file upload vulnerability exists in Livebox version 1.1. A remote attacker can exploit this vulnerability with specially crafted JavaScript code to upload or download arbitrary configurati...
DblTek - Multiple Vulnerabilities
DblTek - Multiple Vulnerabilities Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Ou...
DblTek - Multiple Vulnerabilities
Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 1...
CVE-2017-1000125
Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...
Design/Logic Flaw
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file...
CVE-2017-16780
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file...
CVE-2017-16780
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file...
CVE-2017-16780
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file...
PYSEC-2017-78
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
mybb -- multiple vulnerabilities
myBB Team reports: High risk: Installer RCE on configuration file write High risk: Language file headers RCE Medium risk: Installer XSS Medium risk: Mod CP Edit Profile XSS Low risk: Insufficient moderator permission check in delayed moderation tools Low risk: Announcements HTML filter bypass Low...
CloudBees Jenkins SSH Plugin Information Disclosure Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . SSH Plugin is one of t...
CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...
Design/Logic Flaw
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...
CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...
CometChat Local File Inclusion
Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 -------------------------------------------------------------------------------------- In versions of CometChat before version v6.2.0 BETA 1 a bug existed which allowed any...
Geneko Routers Information Disclosure
Vulnerability Summary The following advisory describes an information disclosure vulnerability found in Geneko Routers version 3.18.21 Geneko GWG is “compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition,...
CometChat < 6.2.0 BETA 1 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 -------------------------------------------------------------------------------------- In versions of CometChat before version...
CometChat < 6.2.0 BETA 1 - Local File Inclusion
Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 -------------------------------------------------------------------------------------- In versions of CometChat before version v6.2.0 BETA 1 a bug existed which allowed any...