IBM Content Navigator Local File Inclusion Vulnerability
IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A local file inclusion vulnerability exists in IBM Content Navigator version 3.0CD. An attacker can exploit this vulnerability to access...
CVE-2019-7225
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags MODBUS coils mapping to the HMI. These credentials are the idal123...
Cisco Integrated Management Controller Operating System Command Injection Vulnerability (CNVD-2019-18899)
Cisco Integrated Management Controller (IMC) is a set of software from the American company Cisco for the management of the Unified Computing System (UCS). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. An operati...
The vulnerability of the Open Cloud Integrity Technology, a tool for creating cloud services, lies in the insufficient password protection in configuration files, which allows attackers to disclose sensitive information.
The vulnerability of the Open Cloud Integrity Technology, which is used to create cloud services, is related to insufficient password protection in configuration files. Exploiting this vulnerability can allow attackers to disclose sensitive information...
CVE-2018-17148
An Insufficient Access Control vulnerability leading to credential disclosure in coreconfigsnapshot.php aka configuration snapshot page in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials...
Improper access control
An Insufficient Access Control vulnerability leading to credential disclosure in coreconfigsnapshot.php aka configuration snapshot page in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials...
CVE-2019-2257
Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W,...
PT-2019-2563 · Abb · Panel Builder 600 +15
Name of the Vulnerable Software and Affected Versions: ABB CP620 versions 1SAP520100R0001 through 1SAP520100R4001; ABB CP620-WEB version 1SAP520200R0001; ABB CP630 version 1SAP530100R0001; ABB CP630-WEB version 1SAP530200R0001; ABB CP635 versions 1SAP535100R0001 through 1SAP535100R5001; ABB CP635-B...
GHSA-4X49-W62V-76Q7 Path Traversal in Spring Cloud Config
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
Path Traversal in Spring Cloud Config
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
Schneider Electric Modicon Configuration File Override Vulnerability
The Schneider Electric Modicon M580, M340 is a programmable automation controller. A security vulnerability exists in the Schneider Electric Modicon M580, M340 that allows remote attackers to exploit the vulnerability to submit a special request that could overwrite configuration files...
CVE-2018-5430
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which...
CVE-2019-3799
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
CVE-2019-9505
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges...
Design/Logic Flaw
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenticated attacker may be able to remotely execute arbitrary code with SYSTEM privileges...
Fedora Update for PyYAML FEDORA-2019-bed9afe622
The remote host is missing an update for the...
Directory traversal
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
CVE-2019-3799 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...