PT-2022-7097 · Pcvue · Pcvue

Name of the Vulnerable Software and Affected Versions: PcVue versions 8.10 through 15.2.3 Description: A cleartext storage of sensitive information issue exists, allowing an unauthorized user with access to the email and short messaging service SMS accounts configuration files to discover the...

CVE-2022-23497 Insecure file access in FreshRSS

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords brypt with cost 9, salted of FreshRSS Web interface. If the API is used, the configuration might contain a...

CVE-2022-23497 Insecure file access in FreshRSS

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords brypt with cost 9, salted of FreshRSS Web interface. If the API is used, the configuration might contain a...

Vulnerability fixed in Exim

A vulnerability has been fixed in Exim. A malicious person at remote user could potentially exploit the vulnerability to cause a Denial-of-Service DoS attack. The way regular expressions are processed in configuration files processed can lead to a crash under certain circumstances. To do so, the...

CVE-2022-45132

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

Remote code execution

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

CVE-2022-45132

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

Zenario CMS 跨站脚本漏洞

Zenario CMS is a Zenario open source application . Provides a Web-based content management system. A cross-site scripting vulnerability exists in Zenario CMS version 9.3.57186, which can be exploited by an attacker to conduct cross-site scripting XSS attacks via configuration files...

containers-common bug fix and enhancement update

An update is available for containers-common. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The containers-common package contains common configuration files a...

CVE-2022-3793

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to...

Phoenix Contact FL MGUARD DM 安全漏洞

Phoenix Contact FL MGUARD DM is centralized device management software for MGUARD devices from Phoenix Contact, Germany, for any number of devices in the field. A security vulnerability exists in Phoenix Contact FL MGUARD DM versions 1.12.0 and 1.13.0 that stems from the fact that login credentia...

Linux Gather ManageEngine Password Manager Pro Password Extractor

This module gathers the encrypted passwords stored by Password Manager Pro and decrypt them using key materials stored in multiple configuration files. Module Options msf use post/linux/gather/manageenginepasswordmanagercreds msf postmanageenginepasswordmanagercreds show actions ...actions... msf...

Design/Logic Flaw

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the changing of administrativ...

Design/Logic Flaw

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as...

CVE-2022-41629

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify configuration files such as...

CVE-2022-42176

In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access...

CVE-2022-42176

In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access...

Hardcoded credentials

In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access...

PCTechSoft PCSecure 信任管理问题漏洞

PCTechSoft PCSecure is a personal computer security software from PCTechSoft. A security vulnerability exists in PCTechSoft PCSecure version V5.0.8.xw that stems from the use of hard-coded credentials in configuration files...

CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files...