
2867 matches found

CNVD
added 2023/02/27 12:0 a.m. | 16 views

Fortinet FortiWeb has an unspecified vulnerability (CNVD-2023-18296)

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...

CVSS 7 | AI score 4.7 | EPSS 0.00163
Exploits 0 | References 1

CNNVD
added 2023/02/23 12:0 a.m. | 2 views

Fortinet FortiWeb security vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...

CVSS 7 | AI score 7.1 | EPSS 0.00163
Exploits 0 | References 3

F5 Networks
added 2023/02/21 8:2 p.m. | 39 views

K42027747: BIG-IP SNMP vulnerability CVE-2018-15328

Security Advisory Description: The passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files. CVE-2018-15328 Note: The BIG-IP system...

CVSS 7.5 | AI score 7 | EPSS 0.02306
Exploits 0

F5 Networks
added 2023/02/21 6:55 p.m. | 39 views

K54336216: SCP vulnerability CVE-2019-6679

Security Advisory Description: The system does not properly enforce the access controls for the scp.whitelist and scp.blacklist files when paths are symbolic links (symlinks). This allows authenticated users with Secure Copy (SCP) protocol access to overwrite certain configuration files that would...

CVSS 3.6 | AI score 4.6 | EPSS 0.00308
Exploits 0

F5 Networks
added 2023/02/21 6:53 p.m. | 49 views

K97521840: logback vulnerability CVE-2021-42550

Security Advisory Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers. CVE-2021-42550 Impact: There is no impact; F5 products...

CVSS 8.5 | AI score 7.5 | EPSS 0.04439
Exploits 1

Positive Technologies
added 2023/02/16 12:0 a.m. | 1 views

PT-2023-1498 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.6 through 6.3.21; FortiWeb versions 6.4.0 through 6.4.2; FortiWeb versions 7.0.0 through 7.0.4. Description: The issue is related to an unauthorized configuration download vulnerability. It may allow a local attacker to...

CVSS 9 | AI score 3.9 | EPSS 0.00163
Exploits 0 | References 7

Fortinet
added 2023/02/16 12:0 a.m. | 45 views

FortiWeb - Unauthorized Configuration Download Vulnerability

An unauthorized configuration download vulnerability (CWE-285) in FortiWeb may allow a local attacker to access confidential configuration files via a crafted HTTP request...

CVSS 1.7 | AI score 4.3 | EPSS 0.00163
Exploits 0 | Affected Software 1

SUSE CVE
added 2023/02/15 6:19 a.m. | 3 views

SUSE CVE-2005-0070

Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files...

CVSS 7.2 | AI score 6.7 | EPSS 0.00369
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:56 a.m. | 3 views

SUSE CVE-2010-3912

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors...

CVSS 10 | AI score 7 | EPSS 0.021
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 5:52 a.m. | 4 views

SUSE CVE-2011-2709

libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs...

CVSS 6.2 | AI score 7.6 | EPSS 0.0044
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:38 a.m. | 2 views

SUSE CVE-2013-2178

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...

CVSS 5 | AI score 7.1 | EPSS 0.01763
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 5:27 a.m. | 2 views

SUSE CVE-2014-4701

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702...

CVSS 2.1 | AI score 6.4 | EPSS 0.00535
Exploits 1 | References 5

SUSE CVE
added 2023/02/15 5:19 a.m. | 2 views

SUSE CVE-2015-3156

The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...

CVSS 5.5 | AI score 6.6 | EPSS 0.00459
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 4:4 a.m. | 4 views

SUSE CVE-2020-2250

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.4 | EPSS 0.00626
Exploits 0 | References 3

CNVD
added 2023/02/07 12:0 a.m. | 25 views

Docker authorization issue vulnerability

Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container (lightweight virtual machine) and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrade of applications via...

AI score 2.6
Exploits 1 | References 1

Positive Technologies
added 2023/01/30 12:0 a.m. | 3 views

PT-2023-18481 · Snap One · Snap One Wattbox Wb-300-Ip-3

Name of the Vulnerable Software and Affected Versions: Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior. Description: The issue concerns the storage of passwords in a plaintext file when the device configuration is exported via Save/Restore–Backup Settings. This could allow any user...

CVSS 6.5 | AI score 6.3 | EPSS 0.00477
Exploits 0 | References 5

Github Security Blog
added 2023/01/27 12:30 p.m. | 52 views

Path Traversal In Eclipse GlassFish

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed...

CVSS 7.5 | AI score 4.7 | EPSS 0.00927
Exploits 0 | References 4 | Affected Software 1

OSV
added 2023/01/27 12:30 p.m. | 16 views

GHSA-3G5W-6PW7-6HRP Path Traversal In Eclipse GlassFish

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed...

CVSS 6.5 | AI score 6.8 | EPSS 0.00927
Exploits 0 | References 3

OSV
added 2023/01/27 10:15 a.m. | 4 views

CVE-2022-2712

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed...

CVSS 7.5 | AI score 7.5
Exploits 0 | References 1

UbuntuCve
added 2023/01/27 10:15 a.m. | 16 views

CVE-2022-2712

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed...

CVSS 7.5 | AI score 7.1 | EPSS 0.00927
Exploits 0 | References 1