2867 matches found
CVE-2020-29550
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
Design/Logic Flaw
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
CVE-2020-29550
The CVE-2020-29550 issue affects URVE Build 24.03.2020, where the password for an integration user (Office 365 integration) is stored in cleartext in multiple files and in the database, enabling exposure. Affected files include Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000...
CVE-2020-29550
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
Urve Information Disclosure Vulnerability
Urve is a device for booking meeting rooms/rooms from Urve UK. The device supports integration with MS Exchange, Lotus, Office 365, Google Calendar and other systems to support meeting room and guest room reservations. A security vulnerability exists in URVE Build 24.03.2020, which arises when th...
PT-2020-17186 · Microsoft · Ms Office 365
Name of the Vulnerable Software and Affected Versions: URVE Build 24.03.2020 Description: An issue was discovered where the password of an integration user account, used for the connection of the MS Office 365 Integration Service, is stored in cleartext in configuration files as well as in the...
Number withdrawn
Docker is an open source application container engine from the American company Docker. It supports the creation of a container (a lightweight virtual machine) and the deployment and running of applications on Linux systems, as well as the automated installation, deployment and upgrading of...
The vulnerability of the components term.arh and core.arh of the EKRA 200 microprocessor series allows a hacker to access confidential information and create new configuration files.
The vulnerability of the term.arh and core.arh components of the EKRA microprogramming system lies in the presence of pre-installed registration data. Exploiting this vulnerability can allow attackers to access confidential information and create new configuration files...
Ubuntu 16.04 LTS : SniffIt vulnerability (USN-4652-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4652-1 advisory. It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code. Tenable has...
USN-4652-1: SniffIt vulnerability
It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code...
USN-4652-1 sniffit vulnerability
It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code...
Mail.ru: Exposed Git Repo at https://mini-app.delivery-club.ru
Leaking sensitive application data in configuration files at mini-app.delivery-club.ru...
Ubuntu: Security Advisory (USN-4171-6)
The remote host is missing an update for the...
USN-4171-6 apport regression
USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as...
Exodus: Exposed Configuration Files at https://www.exodus.io/keybase.txt
Summary: Username and uid information is present in a txt file. Steps To Reproduce: 1. Open this link https://www.exodus.io/keybase.txt 2. Search for username, uid 3. You will get some usernames with uid. Impact: This information may help an attacker in further attacks...
CVE-2020-27688
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...
Design/Logic Flaw
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...
CVE-2020-27688
RVTools 4.0.6 is affected by CVE-2020-27688: RVToolsPasswordEncryption.exe uses a static IV and key for encryption, and the Decrypt() method in VISKD.cs within RVTools.exe can decrypt the stored passwords. This creates a risk that passwords in configuration files could be recovered by anyone with...
Arbitrary Code Execution
spamassassin is vulnerable to arbitrary code execution. An attacker can send malicious configuration files to run system commands without any output or errors...
PT-2020-16764 · Robbie Van Bommel · Rvtools
Name of the Vulnerable Software and Affected Versions: RVTools version 4.0.6 Description: The issue concerns the encryption of passwords in RVTools. Specifically, the RVToolsPasswordEncryption.exe utility in RVTools 4.0.6 uses a static initialization vector (IV) and key for encryption. This static...