CVE-2023-4553 Unauthenticated Access to AppBuilder Configuration Files
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2...
CVE-2024-21619
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system...
Cleartext Storage Of Sensitive Information
apache-airflow & apache-airflow-providers-cncf-kubernetes are vulnerable to Cleartext Storage Of Sensitive Information. The vulnerability is due to the storage of configuration files without encryption, and plaintext logging of configuration details, allowing an attacker to access the kubernetes...
VulnCheck KEV: CVE-2022-24716
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been...
CVE-2018-25095
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...
Code injection
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...
The vulnerability of the FortiADC application delivery controller, related to incorrect authentication procedures, allows a perpetrator to gain unauthorized access to configuration files.
The vulnerability of the FortiADC application delivery controller is related to an incorrect authentication process. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to configuration files by sending specially crafted HTTP/HTTPS requests...
CVE-2023-28870
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts...
Design/Logic Flaw
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts...
PT-2023-22020 · Ncp · Ncp Secure Enterprise Client
Name of the Vulnerable Software and Affected Versions: NCP Secure Enterprise Client versions prior to 12.22. Description: The issue is related to insecure file permissions in the Support Assistant component of the NCP Secure Enterprise Client. This allows attackers to write to configuration files...
SUSE-SU-2023:4649-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: - The default /etc/ssl/openssl3.cnf file will include any configuration files that other...
CVE-2023-44306
Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem...
Path traversal
Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem...
PT-2023-29202 · Dell · Dell Dm5500
Name of the Vulnerable Software and Affected Versions: Dell DM5500 (affected versions not specified). Description: The issue is a path traversal vulnerability in the PPOE Component of the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite...
SUSE-SU-2023:4635-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: - The default /etc/ssl/openssl3.cnf file will include any configuration files that other...