Design/Logic Flaw
EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file...
CVE-2015-4547
EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file...
CVE-2015-4548
EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file...
Privilege escalation
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...
CVE-2015-5234
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks...
RSA Web Threat Detection Elevation of Privilege Vulnerability
RSA Web Threat Detection is a big data and security analytics solution. A security vulnerability exists in RSA Web Threat Detection that could be exploited by a local attacker to inject special commands into a configuration file to execute arbitrary system commands with ROOT privileges...
WordPress mTheme-Unus Local File Inclusion
Exploit Title: Wordpress themes mTheme-Unus LFI Vulnerability Date: 2015-09-27 Exploit Author: FullSecurity.org Google Dork: ilnurl:/wp-content/themes/mTheme-Unus/ Vendor Homepage: https://wordpress.org/ Tested on : Kali Linux Description : Wordpress Themes mTheme-Unus not filtering data so we ca...
Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
Cisco TelePresence Video Communication Server (VCS) Expressway is a telepresence video communication server from Cisco Systems. It integrates with unified communications and voice communication environments to give end users of various communication tools the best experience. A security vulnerability exists in Cisco TelePresence VCS Expressway version X8.5.2. A remote attacker can exploit it by using the Mobile and Remote Access (MRA) role and creating a TFTP session, thereby bypassing intended access restrictions and reading configuration files...
Aruba Mobility Controller 6.4.2.8 - CSRF And XSS Vulnerabilities
Exploit for hardware platform in category web applications Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities Date: 08/016/2015 Author: Itzik Chen itzik1 at gmail.com Product web page: http://www.arubanetworks.com Affected Version: 6.4.2.8 Tested on: Aruba7240, Ver 6.2.4.8 Summary...
Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities
Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities Date: 08/016/2015 Author: Itzik Chen Product web page: http://www.arubanetworks.com Affected Version: 6.4.2.8 Tested on: Aruba7240, Ver 6.2.4.8 Summary ================ Aruba Networks is an HP company, one of the leaders in enterprise...
Joomla Docman Path Disclosure / Local File Inclusion Vulnerabilities
Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities. Joomla docman Component 'com_docman' Full Path Disclosure (FPD) & Local File Disclosure/Include (LFD/LFI) CWE: CWE-200 (FPD) CWE-98 (LFI/LFD) Risk: High Author: Hugo Santiago dos Santos Contact: email protected Date:...
USN-2629-1 cups vulnerabilities
It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. CVE-2015-1158 It was discovered that the CUPS templating...
CVE-2015-1158
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB...
CVE-2015-3201
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file...
CVE-2015-3201
Thermostat web application stores database credentials in a world-readable configuration file (web.xml), enabling a local user to read credentials and potentially access/modify monitored JVM data or control connected JVMs. Red Hat RHSA-2015:1052 and Fedora advisories/ Nessus entries document the ...
PT-2015-6092 · Unknown · Thermostat
Name of the Vulnerable Software and Affected Versions: Thermostat versions prior to 2.0.0 Description: The issue allows local users to obtain user credentials by reading the web.xml configuration file due to world-readable permissions. Recommendations: For versions prior to 2.0.0, update to versi...
Fedora 20 : ca-certificates-2015.2.4-1.0.fc20 (2015-7714)
This is an update to the set of CA certificates released with NSS version 3.18.1. However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details. If you prefer to use the unchanged list provided by Mozilla,...
CVE-2015-3902
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
DEBIAN-CVE-2015-3902
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...