Path traversal

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed...

UBUNTU-CVE-2022-2712

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed...

PT-2023-12896 · Eclipse · Eclipse Glassfish

Name of the Vulnerable Software and Affected Versions: Eclipse GlassFish versions 5.1.0 through 6.2.5 Description: The issue is related to relative path traversal, where the software does not filter request paths starting with './'. This could allow a remote unauthenticated attacker to access...

CVE-2023-0321

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...

Default configuration

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...

Campbell Scientific dataloggers 信息泄露漏洞

Campbell Scientific dataloggers CR Series is a line of scientific data loggers from Campbell Scientific. A security vulnerability exists in the Campbell Scientific dataloggers that stems from the fact that they allow an attacker to download configuration files that may contain sensitive informati...

Econolite EOS traffic control software 访问控制错误漏洞

Econolite EOS traffic control software is Econolite's traffic control software that controls all Econolite traffic hardware. An access control error vulnerability exists in Econolite EOS traffic control software prior to version 3.2.23, which stems from improper access control and a lack of a...

CVE-2023-0321 Disclosure of Sensitive Information on Campbell Scientific Products

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...

PT-2023-16175 · Campbell Scientific · Cr300 +4

Name of the Vulnerable Software and Affected Versions: Campbell Scientific dataloggers versions CR6, CR300, CR800, CR1000, CR3000 Description: The issue allows an attacker to download configuration files, potentially containing sensitive internal network information. By default, the devices have...

CVE-2023-0321

CVE-2023-0321 affects Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000. With factory defaults the devices have HTTP and PakBus enabled, and the PakBus port allows downloading, modifying, and uploading configuration files that may contain sensitive internal-network information....

CVE-2023-0321 Disclosure of Sensitive Information on Campbell Scientific Products

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the defau...

USN-5820-1: exuberant-ctags vulnerability

Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag filename command-line argument. A crafted tag filename specified in the command line or in the configuration file could result in arbitrary command execution...

UBUNTU-CVE-2023-24056

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconftupleparse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes...

Velociraptor vulnerable to Missing Authorization

Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...

CVE-2023-0242

Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...

VulnCheck KEV: CVE-2018-5430

TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files...

TIBCO JasperReports Server Information Disclosure Vulnerability

TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files...

K48127735: Apache log4net Vulnerability CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. CVE-2018-1285 Impact There is no impact; F5 products are not affected...

PT-2022-6508 · Aveva · Aveva Intouch Access Anywhere

Name of the Vulnerable Software and Affected Versions: AVEVA InTouch Access Anywhere versions 2020 R2 and older Description: The issue is related to errors in processing relative path to directory, which could allow an unauthenticated user with network access to read files on the system outside o...

Code injection

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service SMS accounts configuration files to discover the associated simple mail transfer protocol SMTP account...