2867 matches found
mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...
mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...
mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...
Siemens LOGO!8 BM Access Control Error Vulnerability (CNVD-2020-43685)
The Siemens LOGO!8 BM is a programmable logic controller from Siemens, Germany. An access control error vulnerability exists in Siemens LOGO!8 BM all versions, which stems from a lack of identity authentication in the program. An attacker with access to port 135/tcp could exploit this vulnerabili...
Directory traversal attack in Spring Cloud Config
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read
Title: Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Author:LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write Vendor: Secure Computing Corp. Product web...
Engel & Völkers Technology GmbH: Information disclosure at https://printshop.engelvoelkers.com/packages/.bash_history
Hello! I found .bashhistory in the home directory and this file was accessible through the web screenshot in attachment. This file exposes sensitive information history commands, directories, software version that could help a malicious user to prepare more advanced attacks. POC:...
Critical SAP ASE Flaws Allow Complete Control of Databases
Researchers are urging users to apply patches for several critical vulnerabilities in SAP’s Adaptive Server Enterprise ASE. If exploited, the most severe flaws could give unprivileged users complete control of databases and – in some cases – even underlying operating systems. ASE previously known...
CVE-2020-5410
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5410
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
Directory traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5410 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5410 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
grafana: information disclosure through world-readable grafana configuration files
An information-disclosure flaw was found in Grafana distributed by Red Hat. This flaw allows a local attacker access to potentially sensitive information such as secretkey and a bindpassword from the world-readable files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml...
PT-2020-4063 · Spring · Spring Cloud Config
Name of the Vulnerable Software and Affected Versions: Spring Cloud Config versions 2.1.x prior to 2.1.9 Spring Cloud Config versions 2.2.x prior to 2.2.3 Spring Cloud Config older unsupported versions Description: The issue allows applications to serve arbitrary configuration files through the...
CVE-2020-5410
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
DoubleGun Group Builds Massive Botnet Using Cloud Services
An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba. NetLab 360 researchers, in a recent posting, said that it noticed DNS...
Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...
MGASA-2020-0233 Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...
Visual Studio Code Python Extension Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wi...