2867 matches found
Use-After-Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Sierra Wireless AirLink ES450 SNMPD Hard-Coded Credentials Vulnerability
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activat...
8x8: Sensitive data disclosure via exposed phpunit file
Several domains with the development phpunit configuration files exposed without proper restrictions...
Directory Traversal
spring-cloud-config-server is vulnerable to directory traversal. It is possible because an attacker can serve arbitrary configuration files to the server through a malicious URL fed into the spring-cloud-config-server module...
CVE-2019-1003054
CVE-2019-1003054 relates to the Jenkins Jira Issue Updater Plugin, where credentials are stored unencrypted in job config.xml on the Jenkins master/controller. The vulnerability arises from credentials being accessible to any user with Extended Read permission or with access to the master/control...
metasploit-framework
This is a repository for the Metasploit Framework, a penetration testing tool. The repository contains various files and directories related to the project, including configuration files, documentation, and test scripts. The Metasploit Framework is a powerful tool for testing the security of...
[SECURITY] Fedora 29 Update: PyYAML-5.1-1.fc29
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
Information Disclosure
ceilometer is vulnerable to information disclosure. The configuration files containing confidential information are printed into log files, which would allow a local user to retrieve the information when the log files are accessible...
PT-2019-11332 · Jenkins · Jenkins Appdynamics Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AppDynamics Dashboard Plugin versions 1.0.14 and earlier Description: The issue allows attackers without permission to obtain passwords configured in jobs. This is due to insufficient protection of credentials in the JenkinsAppDynamic...
8x8: Sensitive information disclosure
The third-party marketing company that ran the www application had inadvertently exposed some of the configuration files of their application...
Arbitrary File Read Vulnerability in Isthmus Electronic Document Security Management System
The Electronic Document Security Management System (abbreviated CDG) is electronic document security protection software. An arbitrary file read vulnerability exists in the IZP Electronic Document Security Management System. The download function somewhere in Yisetong Electronic Document Security...
The vulnerability of the CLI component of Cisco Enterprise Network Function Virtualization Infrastructure (NFVIS) software allows an attacker to access system configuration files.
The vulnerability of the CLI component of Cisco Enterprise Network Function Virtualization Infrastructure NFVIS software lies in insufficient validation of input data. Exploiting this vulnerability can allow attackers to access system configuration files through a specially crafted request...
The vulnerability of the Command Line Interface (CLI) of Cisco SD-WAN-enabled software-defined networks allows attackers to elevate their privileges and modify device configuration files.
The vulnerability of the Command Line Interface (CLI) of Cisco SD-WAN software-defined networks is related to access control violations. Exploiting this vulnerability can allow attackers to elevate their privileges and modify device configuration files by sending specially crafted commands to the...
CVE-2019-1003014
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
PT-2019-11312 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.4.1 and earlier Description: A cross-site scripting issue exists that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to...
Bscan - An Asynchronous Target Enumeration Tool
Synopsis bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure...
CVE-2018-17928
The product CMS-770 Software Versions 1.7.1 and prior is vulnerable in that an attacker can read sensitive configuration files by bypassing the user authentication mechanism...
Authentication flaw
The product CMS-770 Software Versions 1.7.1 and prior is vulnerable in that an attacker can read sensitive configuration files by bypassing the user authentication mechanism...