Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sendi...
Schneider Electric Easergy Builder Input Validation Error Vulnerability
The Schneider Electric Easergy Builder is used by expert engineering teams to configure the T300 grid automation platform. An input validation error vulnerability exists in Schneider Electric Easergy Builder version 1.4.7.2 and earlier versions, which can be exploited by an attacker to modify...
CVE-2020-7518
A CWE-20: Improper input validation vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker to modify project configuration files...
Input validation
A CWE-20: Improper input validation vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker to modify project configuration files...
BSA Radar 1.6.7234.24750 Local File Inclusion
Exploit title: BSA Radar 1.6.7234.24750 - Local File Inclusion Date: 2020-07-08 Exploit Author: William Summerhill Vendor homepage: https://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE-2020-14946 - Local File Inclusion Description: The Administrator section of th...
BSA Radar 1.6.7234.24750 - Local File Inclusion
Exploit title: BSA Radar 1.6.7234.24750 - Local File Inclusion Date: 2020-07-08 Exploit Author: William Summerhill Vendor homepage: https://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE-2020-14946 - Local File Inclusion Description: The Administrator section of th...
Mail.ru: [https://youdrive.today/] Nginx directory traversal
An invalid nginx configuration allowed limited path traversal on youdrive.today, leaking sensitive application data in configuration files. Nginx directory traversal via a misconfigured alias leads to disclosure of all the configuration. Exploit: https:///static../config.js...
F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution
Overview: F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a...
kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction
A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...
CVE-2020-2213
Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system...
Atlassian JIRA Server and Data Center Cross-Site Request Forgery Vulnerability (CNVD-2021-17350)
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...
F5 Networks BIG-IP : BIG-IP SCP vulnerability (K82518062)
The BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP. (CVE-2020-5906) Note: F5 is working to eliminate exclusionary language in our...
Code injection
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath...
CVE-2020-14946
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath...
CVE-2019-20843
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files...
CVE-2019-20843
CVE-2019-20843 affects Mattermost Server prior to 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7, due to weak permissions on configuration files. The issue is documented across NVD/Red Hat/CNVD/OSV lists with the same description. Affected component is Mattermost Server (configuration file permissions...