2867 matches found

CNNVD · added 2021/12/15 12:00 a.m. · 2 views

FatPipe security vulnerability

FatPipe is a WAN redundancy technology from FatPipe USA that provides companies with automated and dynamic failover due to a WAN component or service failure that results in a data line connection outage. A security vulnerability exists in FatPipe WARP, IPVPN and MPVPN that stems from a lack of...

CVSS 7.5 · AI score 5.6 · EPSS 0.01794
Exploits 1 · References 3
Github Security Blog · added 2021/12/14 9:19 p.m. · 47 views

actionpack Open Redirect in Host Authorization Middleware

Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. For example, configuration files...

CVSS 6.1 · AI score 6.4 · EPSS 0.04182
Exploits 0 · References 10 · Affected Software 1
NVD · added 2021/12/14 4:15 p.m. · 12 views

CVE-2021-39312

The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the /admin/vendor/datatables/examples/resources/examples.php file...

CVSS 7.5 · EPSS 0.78431
Exploits 5 · References 3
CNVD · added 2021/12/14 12:00 a.m. · 13 views

OpenSearch Web browser has an unspecified vulnerability

OpenSearch Web browser is a Web browser. openSearch Web browser 1.0.0 has a security vulnerability that stems from the application's weak permissions on configuration files. No detailed vulnerability details are currently available...

CVSS 9.8 · AI score 2.1 · EPSS 0.01559
Exploits 1 · References 1
CNNVD · added 2021/12/12 12:00 a.m. · 3 views

OpenSearch Web browser security vulnerability

OpenSearch Web browser is a Web browser. openSearch Web browser 1.0.0 has a security vulnerability that stems from the application's weak permissions on configuration files. No detailed vulnerability details are currently available...

CVSS 9.8 · AI score 5.5 · EPSS 0.01559
Exploits 1 · References 3
BDU FSTEC · added 2021/12/09 12:00 a.m. · 3 views

The vulnerability of the RoundCube Webmail email client, related to the use of files and directories accessible from external parties, allows a hacker to gain unauthorized access to arbitrary files in the host's file system.

The vulnerability of the RoundCube Webmail email client stems from the use of files and directories accessible from external parties. Exploiting this vulnerability could allow an attacker to gain unauthorized access to arbitrary files in the host's file system, including configuration files...

CVSS 7.8 · AI score 7.4 · EPSS 0.42831
Exploits 5 · References 4 · Affected Software 2
Positive Technologies · added 2021/12/08 12:00 a.m. · 4 views

PT-2021-23951 · Sockeye · Sockeye

Name of the Vulnerable Software and Affected Versions: Sockeye versions prior to 2.3.24
Description: Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. It uses YAML to store model and data configurations on disk. The issue arises from unsafe...

CVSS 7.8 · AI score 7.8 · EPSS 0.02415
Exploits 0 · References 12
Cvelist · added 2021/12/07 8:39 p.m. · 18 views

CVE-2021-34543

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with...

AI score 7.9 · EPSS 0.02878
Exploits 1 · References 3
CNVD · added 2021/11/24 12:00 a.m. · 12 views

Docker code injection vulnerability

Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrade of applications throug...

CVSS 9.3 · AI score 1.5 · EPSS 0.01824
Exploits 1 · References 1
Kitploit · added 2021/11/23 11:30 a.m. · 18 views

UDP-Hunter - Network Assessment Tool For Various UDP Services Covering Both IPv4 And IPv6 Protocols

UDP Scanning has always been a slow and painful exercise, and if you add IPv6 on top of UDP, the tool choices get pretty limited. UDP Hunter is a python based open source network assessment tool focused on UDP Service Scanning. With UDP Hunter, we have focused on providing auditing of widely know...

AI score 7.5
Exploits 0 · References 4
Prion · added 2021/11/17 1:15 p.m. · 18 views

Information disclosure

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group non-admin or any guest users, thereby allowing privilege...

CVSS 4.6 · AI score 7.8 · EPSS 0.00379
Exploits 1 · References 1 · Affected Software 1
CVE · added 2021/11/17 12:13 p.m. · 38 views

CVE-2021-42954

CVE-2021-42954 affects ZOHO ManageEngine Remote Access Plus Server Windows Desktop Binary prior to version 10.1.2121.1. The root cause is incorrect access control due to weak file permissions in the installation directory, allowing full control to the Everyone group. This enables privilege escala...

CVSS 7.8 · AI score 7.8 · EPSS 0.00379
Exploits 1 · References 1 · Affected Software 1
Cvelist · added 2021/11/17 12:13 p.m. · 20 views

CVE-2021-42954

Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group non-admin or any guest users, thereby allowing privilege...

CVSS 7.8 · AI score 8 · EPSS 0.00379
Exploits 1 · References 1
Prion · added 2021/11/15 4:15 p.m. · 18 views

Directory traversal

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...

CVSS 6.4 · AI score 9.3 · EPSS 0.74857
Exploits 1 · References 2 · Affected Software 1
CNVD · added 2021/11/13 12:00 a.m. · 13 views

Siemens SIMATIC RTLS Locating Manager Denial of Service Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A denial of service vulnerability exists in Siemens SIMATIC RTLS Locating Manager, which arises from the application's inabilit...

CVSS 5.5 · AI score 5.3 · EPSS 0.00201
Exploits 0 · References 1
CNVD · added 2021/11/11 12:00 a.m. · 20 views

Siemens Sentron Powermanager Local Code Execution Vulnerability

Siemens Sentron Powermanager is a power management software from Siemens, a German company. A local code execution vulnerability exists in Siemens Sentron Powermanager, which stems from an affected application assigning incorrect access rights to a specific folder containing configuration files. ...

CVSS 7.8 · AI score 3.3 · EPSS 0.0021
Exploits 0 · References 1
NVD · added 2021/11/09 12:15 p.m. · 15 views

CVE-2021-37207

A vulnerability has been identified in SENTRON powermanager V3 All versions. The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

CVSS 7.8 · EPSS 0.0021
Exploits 0 · References 1
Prion · added 2021/11/09 12:15 p.m. · 11 views

Improper access control

A vulnerability has been identified in SENTRON powermanager V3 All versions. The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

CVSS 7.2 · AI score 7.6 · EPSS 0.0021
Exploits 0 · References 1 · Affected Software 1
Prion · added 2021/11/09 12:15 p.m. · 11 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions < V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...

CVSS 2.1 · AI score 5.2 · EPSS 0.00201
Exploits 0 · References 1 · Affected Software 1
Prion · added 2021/11/09 12:15 p.m. · 11 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions < V2.12. The affected application writes sensitive data, such as database credentials, in configuration files. A local attacker with access to the configuration files could use this information to launch further attack...

CVSS 2.1 · AI score 5.1 · EPSS 0.0015
Exploits 0 · References 1 · Affected Software 1