2867 matches found
A vulnerability in the guest OS layer of the Cisco IOS XE operating system allows an attacker to gain read and write access to system and configuration files.
The vulnerability in the guest OS layer of the Cisco IOS XE operating system is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to gain read and write access to system and configuration files...
spamassassin: command injection via crafted configuration file
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration .cf files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian...
RHEL 8 : spamassassin (RHSA-2020:4625)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4625 advisory. The SpamAssassin tool provides a way to reduce unsolicited commercial email spam from incoming email. Security Fixes: spamassassin: crafted...
Moderate: spamassassin security update
The SpamAssassin tool provides a way to reduce unsolicited commercial email spam from incoming email. Security Fixes: spamassassin: crafted configuration files can run system commands without any output or errors CVE-2018-11805 spamassassin: crafted email message can lead to DoS CVE-2019-12420...
CVE-2020-7757
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server...
Design/Logic Flaw
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server...
CVE-2020-7757 Path Traversal
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server...
Path Traversal
Overview: droppy is a library for self-hosted file storage. Affected versions of this package are vulnerable to Path Traversal. It is possible to traverse directories to fetch configuration files from a droppy server. PoC GET...
CVE-2020-27181
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...
Hardcoded credentials
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...
CVE-2020-27181
The CVE-2020-27181 entry concerns the Java applet of konzept-ix PubliXone (before 2020.015) with a hardcoded AES key in CipherUtils.java. This flaw enables attackers to craft password-reset tokens or decrypt server-side configuration files, per the primary description. Connected records corrobora...
CVE-2020-11496
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access ...
Input validation
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access ...
U.S. Dept Of Defense: Local File Inclusion In Registration Page
Summary: When registering on https://████████ it is possible to use path traversal characters in a parameter allowing an attacker to read local files. Description: The registerUserInfoCommand.nextPageName parameter within the registration form is vulnerable to file path manipulation, where it is...
CVE-2020-17415
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2020-17414
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handli...
Design/Logic Flaw
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...