2867 matches found
WSO2 API Manager Carbon Interface 3.0.0 File Delete
Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary File DeletePath traversal CVE not assigned yet Author : Raki Ben Hamouda Security Update : https://apim.docs.wso2.com/en/latest/ Common Vulnerability Scoring System: ==================================== 8.5 Affected...
CVE-2020-1624 Junos OS Evolved: objmon logs may leak sensitive information
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1...
RHEL 7 : cups (RHSA-2020:1050)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1050 advisory. The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups...
[SECURITY] Fedora 32 Update: PyYAML-5.3.1-1.fc32
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
[SECURITY] Fedora 30 Update: PyYAML-5.3.1-1.fc30
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
CVE-2020-9759
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...
DEBIAN-CVE-2020-9759
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...
CVE-2020-9759
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...
CVE-2020-9759
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...
CVE-2020-9759
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files...
hitconDockerfile
This repository is an offensive tool for web application exploitation. It contains a collection of web challenges created by the user "Pr0phet" for the HITCON CTF Capture The Flag series. The challenges are designed to test various web application vulnerabilities, including SQL injection, SSRF...
Linux: Read GRUB config files (KB)
The GRUB Grand Unified Bootloader is a bootloader available from the GNU project. A bootloader is very important as it is impossible to start an operating system without it. It is the first program which starts when the program is switched on. The bootloader transfers the control to the operating...
VulnCheck KEV: CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be...
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol RDP connection exposed to the Internet. The module, dubbed...
Design/Logic Flaw
For VMware Horizon Client for Windows 5.x and prior before 5.3.0, VMware Remote Console for Windows 10.x before 11.0.0, VMware Workstation for Windows 15.x before 15.5.2 the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local...
CVE-2020-9518
Login filter can access configuration files vulnerability in Micro Focus Service Manager Web Tier, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data...
CVE-2020-9518
Technical details (affected product/components, root cause, impact, and fixes) are not publicly available in the provided documents. Monitor for updates.
Information Disclosure
froxlor/froxlor is vulnerable to information disclosure. The application creates files with static names in /tmp during installation in the case that the installation directory was not writable. This allows local attackers to cause retrieve confidential information out of the configuration files...
CVE-2020-8635
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files...
Directory Traversal
spring-cloud-config-client is vulnerable to directory traversal. The attack is possible because it fails to validate the names and labels in environment and resource controller, allowing an attacker to provide malicious configuration files by exploiting the vulnerability...