Honeywell IP-AK2
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: IP-AK2 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to download...
CVE-2019-10459
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Phishing Tool Analysis: Modlishka
Additional research and support provided by Danny Wasserman. Overview One of the goals of phishing sites is to lure individuals into providing sensitive data, such as personally identifiable information, banking and credit card details, and passwords, through the use of email, SMS, social media,...
Code injection
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files...
CVE-2018-21025
CVE-2018-21025 affects Centreon VM up to version 19.04.3. The vulnerability arises from incorrect rights on sourced configuration files in centreon-backup.pl, allowing an attacker to escalate to root via a crafted script. The CVSSv3.1 base score is 9.8 (CRITICAL) with network attack vector, low a...
CVE-2017-12167
It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...
GE Mark VIe Controller CVE-2019-13554 Authorization Bypass Vulnerability
Description GE Mark VIe Controller is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected system and obtain sensitive information. This may aid in further attacks. Technologies Affected GE Mark VIe Controller Recommendations...
CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
CVE-2019-6175
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations...
Denial of service
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations...
CVE-2019-6175 System Update Vulnerability
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations...
Processes, Logs And Configuration Files Participating in Citrix ADM High Availability
The following processes participate in Citrix ADM HA operations: /usr/local/bin/python /mps/mashbmonit.py This process is run by both nodes. It is responsible for sending and receiving heartbeats and healthchecks. By default, it uses UDP port 5005. The configuration file for this process...
Arbitrary File Read Vulnerability in UsualToolCMS
UsualToolCMS is a content management system and rapid site building framework. Using template separation technology, it supports the creation of multiple application platforms. It has an independent template language and API model, rich plug-ins, and is easy to use. Supports secondary development, rich...
The vulnerability of the microprogramming software of Moxa EDS-G516E and Moxa EDS-510E switches lies in the use of an unstable cryptographic algorithm in the configuration files. This allows an intruder to gain unauthorized access to the protected information.
The vulnerability of the microprogramming software for Moxa EDS-G516E and Moxa EDS-510E switches is related to the use of an unstable cryptographic algorithm in the configuration files. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...
The vulnerability of the microprogrammed Ethernet switches Moxa PT-7528 and Moxa PT-7828 lies in the use of an unstable cryptographic algorithm in the configuration files. This allows a hacker to decrypt the configuration data.
The vulnerability of the microprogrammed Ethernet switches Moxa PT-7528 and Moxa PT-7828 lies in the use of an unstable cryptographic algorithm in the configuration files. Exploiting this vulnerability allows a remote attacker to decrypt the configuration data...
System Update Vulnerability - US
Lenovo Security Advisory: LEN-28093 Potential Impact: Denial of Service Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6175 Summary Description: A denial of service vulnerability was reported in Lenovo System Update that could allow configuration files to be written t...
CVE-2019-10990
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...
Hardcoded credentials
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...