A vulnerability in the CGI applications of the firmware for FL SWITCH managed switches allows an attacker to access the contents of configuration files.
The vulnerability in the CGI applications of the firmware for Phoenix Contact FL SWITCH managed switches is related to flawed security mechanisms. Exploiting this vulnerability can allow a remote attacker to gain access to the contents of configuration files...
ASUSTOR Data Master Cross-Site Scripting Vulnerability
ASUSTOR Data Master (ADM) is a dedicated operating system for ASUSTOR NAS storage devices. A cross-site scripting vulnerability exists in ADM 3.1.5 and prior versions, which originates when the program uses HTTP requests for configuration files. A remote attacker can exploit this...
A vulnerability in the firmware of the 4G LTE Light Industrial M2M Router (NWL-25) is related to insufficient protection of configuration data, allowing attackers to gain unauthorized access to protected data.
The vulnerability in the firmware of the 4G LTE Light Industrial M2M Router NWL-25 is related to insufficient protection of configuration data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to configuration files and profiles...
NetComm NWL-25 Information Disclosure Vulnerability
The NetComm NWL-25 is a 4G LTE industrial grade M2M router. An information disclosure vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which can be exploited by an attacker to access configuration files without authentication...
Design/Logic Flaw
NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user...
CVE-2018-14782
NetComm Wireless G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user...
Ericsson-LG iPECS NMS 30M Directory Traversal Vulnerability
The Ericsson-LG iPECS NMS is a network management solution from Ericsson-LG in Korea. A directory traversal vulnerability exists in Ericsson-LG iPECS NMS 30M. An attacker can exploit the vulnerability to directly download configuration files...
LG-Ericsson iPECS NMS 30M - Directory Traversal
Exploit Title: LG-Ericsson iPECS NMS 30M - Directory Traversal; Shodan Dork: iPECS CM; Exploit Author: Safak Aslan; Software Link: www.ipecs.com; Version: 30M-B.2Ia and 30M-2.3Gn; Authentication Required: No; Tested on: Linux; CVE: N/A. Description: The...
LG-Ericsson iPECS NMS 30M Directory Traversal
Exploit Title: LG-Ericsson iPECS NMS 30M - Directory Traversal; Shodan Dork: iPECS CM; Exploit Author: Safak Aslan; Software Link: www.ipecs.com; Version: 30M System; Authentication Required: No; Tested on: Linux; CVE: N/A. Description: The directory traversal was detected on LG-Ericsson's iPECS product...
Design/Logic Flaw
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts, i.e. on Red Hat Enterprise Linux 6 a...
CVE-2016-8657
CVE-2016-8657 affects Red Hat JBoss EAP on Red Hat Enterprise Linux where /etc/sysconfig/jbossas was created with insecure permissions (root:jboss, 664), making it writable by the jboss group. On systems using classic /etc/init.d scripts (RHEL 6 and earlier), the file is sourced by the jboss init...
CVE-2016-8657
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts, i.e. on Red Hat Enterprise Linux 6 a...
[SECURITY] [DLA 1444-1] vim-syntastic security update
Package: vim-syntastic; Version: 3.5.0-1+deb8u1; CVE ID: CVE-2018-11319. CVE-2018-11319: The improper handling of the search for configuration files might be exploited for arbitrary code execution via a malicious gcc plugin. For Debian 8 "Jessie", this problem has been fixed in version 3.5.0-1+deb8u1...
Debian: Security Advisory (DLA-1444-1)
The remote host is missing an update for the Debian...
CVE-2018-14371
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. Mitigation: There is no currently known mitigation for this flaw...
PT-2018-18663
Name of the Vulnerable Software and Affected Versions: Echelon SmartServer 1 (all versions); Echelon SmartServer 2 (versions prior to 4.11.007); Echelon i.LON 100 (all versions); Echelon i.LON 600 (all versions). Description: The issue concerns the storage of passwords in plaintext, which could allow an attack...
Directory traversal
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...
CVE-2018-14371
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...