2867 matches found
Security Bulletin: Informaton Disclosure Vulnerability Affects the Dashboard User Interface of IBM Stelring B2B Integrator (CVE-2021-29700)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-29700 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an authneticated attacker to obtain sensitive information from configuration files that could aid in...
CVE-2021-24040
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...
parlai 代码问题漏洞
parlai is used to train and evaluate AI models on various publicly available conversation datasets. A security vulnerability exists in versions prior to ParlAI v1.1.0 that stems from insecure YAML deserialization logic. An attacker could use this vulnerability to modify local YAML configuration...
ROS-2-480
2.480 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-2239
2.2239 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-2132
2.2132 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1957
2.1957 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1255
2.1255 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1307
2.1307 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-2214
2.2214 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
CVE-2021-39316
The Zoomsounds plugin = 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter...
Directory traversal
The Zoomsounds plugin = 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter...
Path traversal in mozwire
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename...
CVE-2021-39273
In XeroSecurity Sn1per 9.0 free version, insecure permissions 0777 are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges...
Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: = 6.0.0. Not affected: 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1 Impact ------ Specially crafted...
spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack
A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack...
PT-2021-21194 · Dell · Alienware Update +2
Name of the Vulnerable Software and Affected Versions: Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.3 Description: The issue is related to an improper verification of cryptographic signatures, allowing a local authenticated malicious user to exploit the vulnerabili...
The vulnerability of the “Blockhost-Net” information protection software allows a perpetrator to gain access to the protected information.
The vulnerability of the GIS.BlockPost.GUI application, a software tool for information protection, is related to the use of a symmetric encryption key defined in the program code. Exploiting this vulnerability could allow an attacker to decrypt files containing information about the program’s...
NCH Reflect CRM Information Disclosure Vulnerability
An information disclosure vulnerability exists in NCH Reflect CRM, a customer relationship management software. The vulnerability stems from a failure to add valid access to configuration files and a failure to validate user permissions, which could be exploited by a local attacker to discover...
CVE-2021-37468
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files...