Protection Against Port Scanners: Portspoof
The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. It is meant to be a lightweight, fast, portable and secure addition to any firewall system or security infrastructure. The general goal of the program is to...
luci: short exposure of authentication secrets while generating configuration file
A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file...
CVE-2013-1057
Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse importpxefiles configuration file in the current working directory...
ImpressPages CMS 3.6 Remote Code Execution
#!/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web content management system with revolutionary drag & drop...
ImpressPages CMS 3.6 - manage() Remote Code Execution
ImpressPages CMS 3.6 - manage Remote Code Execution #!/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web conten...
CVE-2013-4394
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors...
Design/Logic Flaw
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors...
CVE-2013-4394
CVE-2013-4394 concerns systemd’s SetX11Keyboard function. When PKLA is used to change group permissions on XKB layouts, local users in that group may modify the Xorg X11 Server configuration file and potentially gain privileges through vectors involving special and control characters. The vulnera...
TVT TD-2308SS-B DVR contains a directory traversal vulnerability
Overview TVT TD-2308SS-B DVR and possibly other models contain a directory traversal vulnerability CWE-22. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' TVT TD-2308SS-B DVR and possibly other models running firmware version 3.2.0.P-3520A-00 conta...
Shopex V4.8.4 | V4.8.5 arbitrary file download vulnerability - vulnerability warning - the black bar safety net
The use of the premise is to program the application to the database server and if possible even outside, this is critical. Your engage in Station time to meet with the station, online can't find the version of the vulnerability, their own get back to the source to read a bit. Find a loophole, or...
Multiple Products DVR Configuration Disclosure (CVE-2013-1391)
A configuration disclosure vulnerability has been reported in the DVR web server of multiple vendors which allows authentication bypass. A remote attacker could get the unencrypted configuration file by requesting the "/DVR.cfg" without entering credentials. Successful exploitation of this...
CVE-2012-4090
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089...
Design/Logic Flaw
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089...
CVE-2012-4090
CVE-2012-4090 affects Cisco NX-OS Software on Nexus 7000 devices. The vulnerability arises from improper sanitization of configuration files that are viewable by users with the network-operator role via the management interface. As a result, remote authenticated users could obtain sensitive confi...
PT-2013-90: Unauthorized Access in Emerson DeltaV
The specialists of the Positive Research center have detected an Unauthorized Access vulnerability in Emerson DeltaV. A local attacker with user privileges can read the configuration file to obtain sensitive information. User name and password for the DeltaVAdmin account are stored in plaintext. How ...
CVE-2013-3278
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file...
Design/Logic Flaw
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file...