2867 matches found
CVE-2021-37468
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files...
CVE-2021-37452
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files...
Design/Logic Flaw
NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files...
Code injection
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files...
CVE-2021-37468
CVE-2021-37468 affects NCH Reflect CRM 3.01. The vulnerability enables local users to disclose plaintext user account information by reading configuration files, due to inadequate access control and insecure storage of credentials in configuration data. Impact is information disclosure with local...
NCH Reflect CRM Information Disclosure Vulnerability
An information disclosure vulnerability exists in NCH Reflect CRM, a customer relationship management software. The vulnerability stems from a failure to restrict access to configuration files and a failure to validate user permissions, which could be exploited by a local attacker to discover...
[SECURITY] Fedora 33 Update: containers-common-1-20.fc33
This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. It is required because the most of configuration files and docs come from projects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packag ...
CVE-2021-33214
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...
Information disclosure
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...
CVE-2021-33214
CVE-2021-33214 affects HMS Networks eCatcher through version 6.6.4. The vulnerability arises from weak filesystem permissions that could allow malicious users to access files, potentially leading to sensitive information disclosure, modification of configuration files, or disruption of ...
Malware hits Hive OS cryptomining users; steals funds from wallets
By Sudais Asif. The nasty malware specifically targets “wallet configuration” files within Hive OS to steal the victim’s cryptocurrencies. This is a post from HackRead.com.
CVE-2021-1359 Cisco Web Security Appliance Privilege Escalation Vulnerability
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...
CVE-2021-24005
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...
cmake bug fix and enhancement update
CMake is an open source, cross-platform build system that is used to control the software compilation process using simple platform- and compiler-independent configuration files. CMake generates native makefiles and workspaces that can be used in the compiler environment of your choice. Bug Fixes...