Arbitrary File Read Vulnerability in Hazardous Chemicals Public Security Management Information System of Guangzhou Zhongbao Digital Information Technology Co.
Ltd. is a high-tech enterprise engaged in information technology research and development, promotion and application, and technical support services in the field of software, hardware, Internet application technology and other information technology in the field of hazardous explosives-related...
Cygnux sysPass Local File Inclusion Vulnerability
Cygnux sysPass is an open-source multi-user password manager that features easy installation, a clear interface and multi-user options. A local file inclusion vulnerability exists in the JavaScript file inclusion feature in Cygnux sysPass 2.1.7 and earlier versions. An attacker can exploit this...
CVE-2017-1000391
Jenkins versions 2.88 and earlier and 2.73.2 and earlier store metadata related to 'people', which encompasses actual user accounts as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional...
TIBCO JasperReports 6.4.0 Information Disclosure Vulnerability
TIBCO JasperReports contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files.
CVE-2017-8139
HedEx versions earlier than V200R006C00 have a stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users...
Ubuntu 14.04 LTS / 16.04 LTS : Berkeley DB vulnerability (USN-3489-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3489-1 advisory. It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive...
USN-3489-2: Berkeley DB vulnerability
USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive informati...
USN-3489-1 db5.3 vulnerability
It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information...
USN-3489-1: Berkeley DB vulnerability
It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information...
[ASA-201711-27] roundcubemail: arbitrary filesystem access
Arch Linux Security Advisory ASA-201711-27. Severity: High. Date: 2017-11-21. CVE-ID: CVE-2017-16651. Package: roundcubemail. Type: arbitrary filesystem access. Remote: Yes. Link: https://security.archlinux.org/AVG-506. Summary: The package...
Design/Logic Flaw
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the JavaScript file inclusion functionality. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
CVE-2017-1000192
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the JavaScript file inclusion functionality. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
CVE-2017-1000192
Cygnux sysPass
Updated roundcubemail packages fix security vulnerability
It was discovered that roundcubemail contained a zero-day file disclosure vulnerability caused by insufficient input validation, which was currently being exploited by hackers to read roundcube's configuration files and steal its database credentials (CVE-2017-16651)...
CVE-2017-5533
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability whic...
UBUNTU-CVE-2017-5533
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability whic...
Design/Logic Flaw
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability whic...