
2867 matches found

CVE
added 2021/04/23 4:10 p.m. | 57 views

CVE-2021-31540

CVE-2021-31540 affects Wowza Streaming Engine up to version 4.8.5 in a default installation. The root cause is incorrect file permissions in the conf/ directory, allowing a regular local user to read and write all configuration files and potentially modify the application server configuration. Do...

7.1 CVSS | 6.7 AI score | 0.00389 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2021/04/23 4:10 p.m. | 14 views

CVE-2021-31540

Wowza Streaming Engine through 4.8.5 in a default installation has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration...

7 AI score | 0.00389 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2021/04/21 7:19 p.m. | 30 views

CVE-2021-21642

A flaw was found in the config-file-provider Jenkins plugin. The plugin's XML parser wasn't configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...

8.1 CVSS | 1.1 AI score | 0.3783 EPSS
Exploits: 0 | References: 4
NVD
added 2021/04/21 3:15 p.m. | 20 views

CVE-2021-21644

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8 CVSS | 0.01053 EPSS
Exploits: 0 | References: 2
OSV
added 2021/04/21 3:15 p.m. | 32 views

CVE-2021-21644

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.4 CVSS | 6.5 AI score
Exploits: 0 | References: 2
CVE
added 2021/04/21 2:20 p.m. | 172 views

CVE-2021-21644

Summary: CVE-2021-21644 affects Jenkins Config File Provider Plugin 3.7.0 and earlier. The vulnerability arises from an HTTP endpoint that does not require POST requests, enabling a CSRF attack to delete configuration files by attacker-specified IDs. The issue is addressed by upgrading to 3.7.1, ...

5.8 CVSS | 5.6 AI score | 0.01053 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/04/21 2:20 p.m. | 21 views

CVE-2021-21644

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

6.4 AI score | 0.01053 EPSS
Exploits: 0 | References: 2
AlpineLinux
added 2021/04/21 2:20 p.m. | 31 views

CVE-2021-21644

A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

5.8 CVSS | 4.9 AI score | 0.01053 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/04/14 12:0 a.m. | 2 views

NetworkManager Input Validation Error Vulnerability

NetworkManager is a network management daemon. A security vulnerability exists in networkmanager, which can be exploited by an attacker to trigger a denial of service via a fatal error in certain configuration files...

5.5 CVSS | 6.5 AI score | 0.00254 EPSS
Exploits: 0 | References: 6
CNVD
added 2021/04/13 12:0 a.m. | 5 views

Unspecified Vulnerability in Liberty lisPBX

Common Lisp Lispbox is an open source Common Lisp IDE. A security vulnerability exists in Liberty lisPBX version 2.0-4, which can be exploited by an attacker to remotely retrieve configuration backup files from /backup/lispbx-CONF-YYYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without...

7.5 CVSS | 7.1 AI score | 0.01046 EPSS
Exploits: 0
OSV
added 2021/04/12 8:15 p.m. | 3 views

CVE-2019-15059

In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwor...

7.5 CVSS | 7.1 AI score | 0.01046 EPSS
Exploits: 0 | References: 1
OSV
added 2021/04/12 7:59 p.m. | 6 views

MGASA-2021-0182 Updated spamassassin packages fix security vulnerability

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...

10 CVSS | 9.5 AI score | 0.06132 EPSS
Exploits: 0 | References: 5
AlmaLinux
added 2021/04/06 1:33 p.m. | 14 views

sos bug fix and enhancement update

The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. Bug Fixes and Enhancements: network glitch while running ethtool -e command in sosreport BZ1928627...

Exploits: 0
OSV
added 2021/04/01 12:0 p.m. | 3 views

USN-4899-1 spamassassin vulnerability

Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code...

10 CVSS | 7 AI score | 0.06132 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2021/03/29 12:0 a.m. | 33 views

Debian DSA-4879-1 : spamassassin - security update

Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. (C) Tenable Network Security, Inc. The descriptive text and...

10 CVSS | 7.4 AI score | 0.06132 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2021/03/26 12:0 a.m. | 35 views

FreeBSD : spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands (ec04f3d0-8cd9-11eb-bb9f-206a8a720317)

The Apache SpamAssassin project reports: Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue of security note where malicious rule configuration (.cf) files can be configured to run system commands. In Apache SpamAssassin before 3.4.5, exploits can be injected in a number of...

10 CVSS | 7.3 AI score | 0.06132 EPSS
Exploits: 0 | References: 5
Hacker One
added 2021/03/23 11:30 p.m. | 25 views

Mail.ru: Development configurations file with a sensitive data exposure could be leads to take down the social media accounts and the DB

Configuration files were accessible at tanks.mail.ru leaking configuration information, including database accounts...

2.5 AI score
Exploits: 0
CNNVD
added 2021/03/23 12:0 a.m. | 4 views

Ovarro TWinSoft Security Vulnerability

Ovarro TWinSoft is an application platform from Ovarro Germany that can be used anywhere, anytime to access network functions from mobile devices and PCs. Ovarro TWinSoft suffers from a security vulnerability that stems from TBox's proprietary Modbus file access feature that allows an...

9.8 CVSS | 8.5 AI score | 0.00724 EPSS
Exploits: 0 | References: 4
OSV
added 2021/03/15 10:15 p.m. | 2 views

CVE-2020-27282

In Hamilton Medical AG, T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files...

4.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
NVD
added 2021/03/15 10:15 p.m. | 11 views

CVE-2020-27290

In Hamilton Medical AG, T1-Ventillator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's logs to get valid checksums for tampered configuration files...

4.3 CVSS | 0.00283 EPSS
Exploits: 0 | References: 1