2875 matches found
VulnCheck KEV: CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be...
TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol RDP connection exposed to the Internet. The module, dubbed...
Design/Logic Flaw
For VMware Horizon Client for Windows 5.x and prior before 5.3.0, VMware Remote Console for Windows 10.x before 11.0.0, VMware Workstation for Windows 15.x before 15.5.2 the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local...
CVE-2020-9518
Login filter can access configuration files vulnerability in Micro Focus Service Manager Web Tier, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data...
CVE-2020-9518
Technical details (affected product/components, root cause, impact, and fixes) are not publicly available in the provided documents. Monitor for updates.
Information Disclosure
froxlor/froxlor is vulnerable to information disclosure. The application creates files with static names in /tmp during installation in the case that the installation directory was not writable. This allows local attackers to cause retrieve confidential information out of the configuration files...
CVE-2020-8635
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files...
Directory Traversal
spring-cloud-config-client is vulnerable to directory traversal. The attack is possible because it fails to validate the names and labels in environment and resource controller, allowing an attacker to provide malicious configuration files by exploiting the vulnerability...
CVE-2020-5405
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5405
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
Directory traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5405 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
CVE-2020-5405
Spring Cloud Config - Local File Inclusion (CVE-2020-5405): Affects Spring Cloud Config Server in 2.2.x before 2.2.2 and 2.1.x before 2.1.7 (older/unsupported). Exploitable via a crafted URL to serve arbitrary configuration files, enabling potential data exposure. Remediation: upgrade to patched ...
[SECURITY] Fedora 31 Update: PyYAML-5.3-2.fc31
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
Design/Logic Flaw
An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to...
CVE-2020-3840
CVE-2020-3840 describes an off-by-one error in the handling of racoon configuration files within IPSec-related components. The underlying issue arises from improper bounds checking, which could allow a maliciously crafted racoon config to trigger arbitrary code execution. Apple and Red Hat record...
CVE-2019-18238
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...
CVE-2020-6968
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files...
CVE-2020-6968
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files...
Code injection
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files...