2874 matches found
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
Smule: Disclosure of information about the system, configuration files.
Disclosure of django configuration via debug mode...
New Relic: Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation
After installing the Windows Infrastructure client as discussed in https://docs.newrelic.com/docs/infrastructure/new-relic-infrastructure/installation/install-infrastructure-windows-server I noticed that integration yml config files are not only loaded from the folder within Program Files, but al...
Design/Logic Flaw
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...
CVE-2018-0334
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...
CVE-2018-0334
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...
Authentication flaw
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the configuration files and application pages without authentication...
CVE-2017-7933
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access...
Design/Logic Flaw
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access...
CVE-2017-7933
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access...
CVE-2017-7931
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the configuration files and application pages without authentication...
CVE-2017-7931
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the configuration files and application pages without authentication...
CVE-2017-7933
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access...
Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...
ABB IP Gateway Unauthorized Access Vulnerability
ABB IP GATEWAY is a building management system from ABB Switzerland. A security vulnerability exists in ABB IP GATEWAY version 3.39 and earlier. The vulnerability can be exploited by an attacker to gain unauthenticated access to configuration files or application pages via a specially crafted URL...
CVE-2018-11319
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
Directory traversal
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...
CVE-2018-11319
Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...