4647 matches found
CVE-2015-2748
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorerwse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file...
Scientific Linux Security Update : virt-who on SL7.x (noarch) (20150305)
It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file. CVE-2014-0189 The virt-who package has been upgraded to upstre...
virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file
It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file...
stunnel – an SSL encryption wrapper
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local inetd-startable or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code. Stunnel uses t...
Design/Logic Flaw
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file...
JVN#88252465: Arbitrary files may be overwritten in multiple VMware products
Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten. Impact A user that can modify the configuration file for the virtual machine may overwrite arbitrary files on the host OS. As a result, privileges may be escalated in the hos...
Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway
The parade of easily exploitable, critical vulnerabilities in ICS software shows no signs of ending anytime soon, with the latest entrant being two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway that allow unauthenticated remote access to the device’s FTP server and configuration...
WordPress Bretheon Theme Arbitrary File Download
Exploit Title: Wordpress Theme Bretheon Arbitrary File Download Vulnerability Date: 17/01/2014 Exploit Author: MindCracker - Team MaDLeeTs Contact : [email protected] - [email protected]| https://twitter.com/MindCrackerKhan Tested on: Linux / Window Google Dork: inurl:wp-content/themes/bretheon/ Po...
CVE-2014-9510
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N V1 router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N V1 router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import...
Hospira MedNet Vulnerabilities
OVERVIEW Independent researcher Billy Rios has identified four vulnerabilities in Hospira’s MedNet server software. Hospira has released a new version of the MedNet software and provided mitigation recommendations that mitigate the reported vulnerabilities. Three of the four vulnerabilities could...
MGASA-2014-0546 Updated git packages fix security vulnerability
It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...
Design/Logic Flaw
lib/parseini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701...
CVE-2014-4703
lib/parseini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701...
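ECStore open-source online store system: arbitrary file modification vulnerability that can yield a shell
Brief description: The file editing function in the template editor does not strictly restrict which files can be edited, so any file present on the system can be modified. Details: In the file editing function, select the file to modify, here an image (a template file also works), then when uploading the image set the filename parameter to any PHP file of the site, such as /index.php or /config/config.php, and set the image content to shell content.... The POST data is as follows: POST /index.php/shopadmin/index.php?app=site&ctl=adminexplorertheme&act=saveimage HTTP/1.1 Host: shop.xxx.com...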
sniffit buffer overflow
Buffer overflow in configuration file...
Schneider Electric OFS Buffer Overflow Vulnerability
OVERVIEW Schneider Electric has reported to NCCIC/ICS-CERT a Stack Buffer Overflow vulnerability supplied with the Schneider Electric OPC Factory Server (OFS). Independent researcher known as 0x7A240E67 submitted the vulnerability to ZDI, who provided coordination with the vendor and ICS-CERT...
Sniffit Root Shell
CVE-2014-5439 - Root shell on Sniffit Authors: Ismael Ripoll & Hector Marco CVE: CVE-2014-5439 Dates: July 2014 - Discovered the vulnerability Description Sniffit is a packet sniffer and monitoring tool. A bug in sniffit prior to 0.3.7 has been found. The bug is caused by an incorrect...