2867 matches found
New malware attack turns Elasticsearch databases into DDoS botnet
By Uzair Amir. The malware attack involves two stages, including one in which existing cryptomining malware is removed and another in which configuration files are removed. This is a post from HackRead.com. Read the original post: New malware attack turns Elasticsearch databases into DDoS botnet...
Arbitrary File Download Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2019-27482)
The Electronic Document Security Management System (abbreviated CDG) is electronic document security protection software. An arbitrary file read vulnerability exists in the IZP Electronic Document Security Management System. The download function somewhere in Yisetong Electronic Document Security...
The vulnerability of the web interface of the SIP phone Yealink SIP-T21P E2, related to insufficient access control checks, allows a perpetrator to gain access to configuration files.
The vulnerability of the web interface of the SIP phone Yealink SIP-T21P E2 is related to insufficient verification of access rights. Exploiting this vulnerability can allow an attacker to gain access to configuration files through a specially crafted GET request...
Design/Logic Flaw
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-17003 · IBM · IBM Content Navigator
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator version 3.0CD Description: The issue allows an attacker to access a configuration file in the ICN server through local file inclusion. Recommendations: For IBM Content Navigator version 3.0CD, consider restricting access...
CVE-2018-17148
An Insufficient Access Control vulnerability leading to credential disclosure in coreconfigsnapshot.php aka configuration snapshot page in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials...
F5 BIG-IP Information Disclosure Vulnerability (CNVD-2019-30623)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An information disclosure vulnerability exists in SNMP in F5 BIG-IP, which can be exploited by an attacker to gain access to...
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A command injection vulnerability exists in Cisco Enterprise NFV...
CVE-2019-9873
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8...
CVE-2019-9823
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...
Design/Logic Flaw
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8...
UBUNTU-CVE-2019-9823
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...
UBUNTU-CVE-2019-9873
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8...
Design/Logic Flaw
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize...
CVE-2019-9873
CVE-2019-9873 affects JetBrains IntelliJ IDEA Ultimate. When configuring Task Servers, the IDE could store server credentials in plaintext in its configuration files, exposing sensitive data. The root cause is cleartext storage of secrets in the IDE’s configuration. The issue has been fixed in th...
CVE-2019-9872
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize...