4647 matches found
Cougar-LG Insecure Configuration File Path Vulnerability
Cougar-LG is a set of web applications written in Perl for connecting to a router or console. A security vulnerability exists in Cougar-LG. A remote attacker could exploit this vulnerability to obtain credentials...
Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (20170905)
Security Fixes : - A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server'...
Directory Traversal Vulnerability in Hiroshima Carsharing App Android Version
Hiroshima Car Sharing App is car rental software. There is a directory traversal vulnerability in the Android version of Hongyang Shared Car APP, which can be exploited by an attacker to directly view and download sensitive information such as ID card, driver's license, db file, code...
The Intel processor is now a security vulnerability: it can be used by hackers as a backdoor - vulnerability warning - the black bar safety net
Recently, a report from the Moscow security research firm Positive Technologies noted that Intel Management Engine 11 has a "death button" that can be used by hackers to steal. The Management Engine is an Intel firmware interface for communication between the processor and peripheral chips, therm...
CVE-2015-3156
The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...
EncFS Information Disclosure Vulnerability
EncFS is an open source free file encryption system running in Linux. The system runs in the user space of Linux and is able to encrypt all files written to the system. A security vulnerability exists in the '.encfs6.xml' configuration file in versions of EncFS prior to 1.7.5. A remote attacker...
pydictor - A Powerful and Useful Hacker Dictionary Builder for a Brute-Force Attack
pydictor is a powerful and useful hacker dictionary builder for a brute-force attack. Why do I need to use pydictor? 1. It can always help you. You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on. You can use the...
CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes"...
CVE-2017-12439
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xmlpath HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated...
CVE-2015-7703
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration...
CVE-2015-3639
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...
Path Information Disclosure
phpMyAdmin is vulnerable to path information disclosure. When a configuration file is missing, showconfigerrors.php does not prevent disclosing the installation path through an error message about the missing file upon the direct request of the attackers...
Directory traversal
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file...
CVE-2017-11456
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file...
Denial of Service Vulnerability in JeeCMS v8.1 Data Restore Function
JEECMS is a product developed by Jiangxi Jinlei Technology Development Co., Ltd. that supports WeChat mini programs, WeChat public accounts / service accounts, cross-customization of column models and content models, as well as payment and financial settlement for content e-commerce, as one of the conte...