Planka 路径遍历漏洞

Planka is Planka open source a Trello-like Kanban built using React and Redux. Planka v1.5.2 before the version of the path traversal vulnerability , the vulnerability stems from if the user of the web server is root , an attacker will be able to read any file in the system . Using this...

The vulnerability of the microprogramming software in General Electric’s renewable energy iNET and iNET II industrial software-hardware equipment, related to the storage of passwords in an unencrypted form, allows a hacker to view the contents of the configuration file and gain access to the passwords.

The vulnerability of the microprogramming software in General Electric’s renewable energy iNET and iNET II industrial software-hardware equipment lies in the storage of passwords in an unencrypted form. Exploiting this vulnerability could allow a hacker to view the contents of configuration files...

VMware Spring Cloud Config 2.1 < 2.1.9 / 2.2 < 2.2.3 Directory Traversal

The version of Spring Cloud Config running on the remote host is affected by a directory traversal vulnerability. Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the...

CVE-2022-2553

A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key does not prevent communication with other nodes in the...

Internet Bug Bounty: Off-by-slash vulnerability in nodejs.org and iojs.org

Original Report: https://hackerone.com/reports/1631350 The reason for submitting this report is written in the comment of the original report. ---- Summary: Configuration files for Nginx in nodejs/build repository have multiple off-by-slash misconfigurations. Because nodejs.org and iojs.org are...

DataEase 代码问题漏洞

DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase v1.11.1 There is a code issue vulnerability , the vulnerability stems from the existence of...

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

Hardcoded credentials

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

CVE-2022-34045

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh...

Fedora: Security Advisory for golang-github-instrumenta-kubeval (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-40150

The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI...

Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. The vulnerable method is used to create a work directory for embedd...

GHSA-7R65-PJGV-H2H9 Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file com.opsgenie.integration.jenkins.OpsGenieNotifier.xml and in job config.xml files on the Jenkins controller as part of its configuration. Additionally, they are transmitted in plain text as part o...

Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file com.opsgenie.integration.jenkins.OpsGenieNotifier.xml and in job config.xml files on the Jenkins controller as part of its configuration. Additionally, they are transmitted in plain text as part o...

GHSA-V3R8-6VFJ-PPPF Plaintext Storage of a Password in Jenkins Build Notifications Plugin

Build Notifications Plugin 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration:- Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml\n- Slack Bot Token in...

Plaintext Storage of a Password in Jenkins Build Notifications Plugin

Build Notifications Plugin 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration:- Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml\n- Slack Bot Token in...

Design/Logic Flaw

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34800

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...