Lucene search
K

2875 matches found

VulnCheck KEV
VulnCheck KEV
added 2020/03/20 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be...

8.7CVSS5.9AI score0.01149EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/03/18 8:35 a.m.91 views

TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks

A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol RDP connection exposed to the Internet. The module, dubbed...

0.6AI score
Exploits0
Prion
Prion
added 2020/03/16 6:15 p.m.21 views

Design/Logic Flaw

For VMware Horizon Client for Windows 5.x and prior before 5.3.0, VMware Remote Console for Windows 10.x before 11.0.0, VMware Workstation for Windows 15.x before 15.5.2 the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local...

7.2CVSS8.2AI score0.00391EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2020/03/16 1:1 p.m.19 views

CVE-2020-9518

Login filter can access configuration files vulnerability in Micro Focus Service Manager Web Tier, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data...

5.2AI score0.00862EPSS
Exploits0References1
CVE
CVE
added 2020/03/16 1:1 p.m.49 views

CVE-2020-9518

Technical details (affected product/components, root cause, impact, and fixes) are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.2AI score0.00862EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2020/03/10 1:25 a.m.16 views

Information Disclosure

froxlor/froxlor is vulnerable to information disclosure. The application creates files with static names in /tmp during installation in the case that the installation directory was not writable. This allows local attackers to cause retrieve confidential information out of the configuration files...

6.1CVSS3.7AI score0.00322EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/03/07 12:15 a.m.25 views

CVE-2020-8635

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files...

7.8CVSS7.6AI score0.00807EPSS
Exploits6References1
Veracode
Veracode
added 2020/03/06 3:25 a.m.20 views

Directory Traversal

spring-cloud-config-client is vulnerable to directory traversal. The attack is possible because it fails to validate the names and labels in environment and resource controller, allowing an attacker to provide malicious configuration files by exploiting the vulnerability...

6.5CVSS5.2AI score0.6876EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2020/03/05 7:15 p.m.30 views

CVE-2020-5405

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS6.5AI score0.6876EPSS
Exploits0References1
OSV
OSV
added 2020/03/05 7:15 p.m.23 views

CVE-2020-5405

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS6.8AI score0.6876EPSS
Exploits0References1
Prion
Prion
added 2020/03/05 7:15 p.m.14 views

Directory traversal

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

4.3CVSS6.4AI score0.6876EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/05 7:0 p.m.34 views

CVE-2020-5405 Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.7AI score0.6876EPSS
Exploits0References1
CVE
CVE
added 2020/03/05 7:0 p.m.169 views

CVE-2020-5405

Spring Cloud Config - Local File Inclusion (CVE-2020-5405): Affects Spring Cloud Config Server in 2.2.x before 2.2.2 and 2.1.x before 2.1.7 (older/unsupported). Exploitable via a crafted URL to serve arbitrary configuration files, enabling potential data exposure. Remediation: upgrade to patched ...

6.5CVSS6.7AI score0.6876EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2020/02/29 10:32 p.m.34 views

[SECURITY] Fedora 31 Update: PyYAML-5.3-2.fc31

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

9.8CVSS1.7AI score0.05156EPSS
Exploits1
Prion
Prion
added 2020/02/27 9:15 p.m.22 views

Design/Logic Flaw

An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to...

6.8CVSS7.7AI score0.01136EPSS
Exploits0References3Affected Software4
CVE
CVE
added 2020/02/27 8:45 p.m.138 views

CVE-2020-3840

CVE-2020-3840 describes an off-by-one error in the handling of racoon configuration files within IPSec-related components. The underlying issue arises from improper bounds checking, which could allow a maliciously crafted racoon config to trigger arbitrary code execution. Apple and Red Hat record...

7.8CVSS7.4AI score0.01136EPSS
Exploits0References3Affected Software4
Cvelist
Cvelist
added 2020/02/26 9:19 p.m.19 views

CVE-2019-18238

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...

7.3AI score0.00493EPSS
Exploits0References1
OSV
OSV
added 2020/02/20 9:15 p.m.5 views

CVE-2020-6968

Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files...

7.8CVSS7.1AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2020/02/20 9:15 p.m.18 views

CVE-2020-6968

Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files...

7.8CVSS7.7AI score0.00264EPSS
Exploits0References1
Prion
Prion
added 2020/02/20 9:15 p.m.12 views

Code injection

Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files...

4.6CVSS7.6AI score0.00264EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder