
2867 matches found

NVD
added 2016/09/19 1:59 a.m. · 17 views

CVE-2016-0870

The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request...

CVSS 5.3 · AI score 5.1 · EPSS 0.01164
Exploits: 0 · References: 2

Cvelist
added 2016/09/19 1:00 a.m. · 17 views

CVE-2016-0870

The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request...

AI score 5.1 · EPSS 0.01164
Exploits: 0 · References: 2

CVE
added 2016/09/19 1:00 a.m. · 48 views

CVE-2016-0870

CVE-2016-0870 affects Trane Tracer SC web server (versions 4.2.1134 and earlier). A remote attacker can read sensitive configuration files via a direct request, exposing information from specific directories. NVD assigns CVSSv3 base score 5.3 (Network, Low complexity, No privileges, Confidentiali...

CVSS 5.3 · AI score 5.1 · EPSS 0.01164
Exploits: 0 · References: 2 · Affected Software: 1

CNVD
added 2016/09/19 12:00 a.m. · 5 views

Trane Tracer SC Information Disclosure Vulnerability

The Trane Tracer SC is an intelligent control panel from Trane USA that communicates with HVAC equipment controllers. A security vulnerability exists in the web server in Trane Tracer SC 4.2.1134 and earlier versions. A remote attacker could exploit the vulnerability by sending a direct request t...

CVSS 5.3 · AI score 6.7 · EPSS 0.01164
Exploits: 0 · References: 1

Tenable Nessus
added 2016/09/15 12:00 a.m. · 317 views

Ubuntu 14.04 LTS / 16.04 LTS : MySQL vulnerability (USN-3078-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3078-1 advisory. Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary cod...

CVSS 10 · AI score 8.8 · EPSS 0.6773
Exploits: 16 · References: 2

Tenable Nessus
added 2016/09/15 12:00 a.m. · 58 views

FreeBSD : mysql -- Remote Root Code Execution (856b88bf-7984-11e6-81e7-d050996490d0)

Dawid Golunski reports: An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files my.cnf leading to...

CVSS 10 · AI score 8.2 · EPSS 0.6773
Exploits: 16 · References: 7

Ubuntu
added 2016/09/13 4:56 p.m. · 173 views

USN-3078-1: MySQL vulnerability

Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.1...

CVSS 10 · AI score 8.2 · EPSS 0.6773
Exploits: 16

OSV
added 2016/09/13 4:56 p.m. · 1 view

USN-3078-1 mysql-5.5, mysql-5.7 vulnerability

Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.1...

CVSS 10 · AI score 7.4 · EPSS 0.6773
Exploits: 16 · References: 2

exploitpack
added 2016/09/12 12:00 a.m. · 906 views

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation #!/usr/bin/python MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit CVE-2016-6662 0ldSQLMySQLRCEexploit.py ver. 1.0 For testing purposes only. Do no harm. Discovered/Coded by: Dawid Golunski...

CVSS 10 · AI score 0.8 · EPSS 0.6773
Exploits: 20

FreeBSD
added 2016/09/12 12:00 a.m. · 73 views

mysql -- Remote Root Code Execution

Dawid Golunski reports: An independent research has revealed multiple severe MySQL vulnerabilities. This advisory focuses on a critical vulnerability with a CVEID of CVE-2016-6662 which can allow attackers to remotely inject malicious settings into MySQL configuration files my.cnf leading to...

CVSS 10 · AI score 5.6 · EPSS 0.6773
Exploits: 16 · References: 5

Positive Technologies
added 2016/09/05 12:00 a.m. · 6 views

PT-2016-7113 · Apache +5 · Apache Tomcat +5

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.0.M9; Apache Tomcat versions 8.5.0 through 8.5.4; Apache Tomcat versions 8.0.0.RC1 through 8.0.36; Apache Tomcat versions 7.0.0 through 7.0.70; Apache Tomcat versions 6.0.0 through 6.0.45. Description:...

CVSS 9.8 · AI score 6.6 · EPSS 0.90338
Exploits: 11 · References: 172

Exploit DB
added 2016/08/31 12:00 a.m. · 44 views

ZKTeco ZKBioSecurity 3.0 - Directory Traversal

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...

AI score 7.4
Exploits: 0

CNVD
added 2016/08/30 12:00 a.m. · 3 views

File Download Vulnerability in New Windward Technology's Online Learning Test System

New Windward Technology Online Learning Exam System is built on an enterprise-level database platform and uses a three-tier architecture with B/S mode development; it can be used as an online training and examination system. The product has an arbitrary file download vulnerability,...

AI score 7.1
Exploits: 0 · References: 1

OpenVAS
added 2016/08/26 12:00 a.m. · 27 views

Debian Security Advisory DSA 3654-1 (quagga - security update)

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon. CVE-2016-4036: Tamás Németh discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information. CVE-2016-4049: Evgeny Uskov discovered that a bgpd instance handling man...

CVSS 5 · AI score 0.2 · EPSS 0.04554
Exploits: 0 · References: 1

CNVD
added 2016/08/24 12:00 a.m. · 2 views

Information Disclosure Vulnerability in Multiple Moxa Products

Moxa OnCell G3100V2 and others are IP gateway products from Moxa. An information disclosure vulnerability exists in a number of Moxa products, which stems from the program's use of plaintext password storage. A local attacker can exploit this vulnerability by reading configuration files to obtain...

CVSS 3.3 · AI score 6.2 · EPSS 0.00301
Exploits: 0 · References: 1

Exploit DB
added 2016/08/16 12:00 a.m. · 43 views

WSO2 Carbon 4.4.5 - Local File Inclusion

Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt + ISR: ApparitionSec Vendor: =============== www.wso2.com Product: ==================== Ws02Carbon v4.4.5 WSO2 Carbon is the core...

CVSS 4.9 · AI score 5.2 · EPSS 0.12352
Exploits: 7

BDU FSTEC
added 2016/07/05 12:00 a.m. · 5 views

The vulnerability of the Emerson DeltaV digital automation system allows a malicious individual to increase their privileges and gain unauthorized access to confidential information.

The vulnerability of the Emerson DeltaV controller is related to errors that occur when processing a specially crafted configuration file. Exploiting this vulnerability allows a malicious individual to gain increased privileges and access confidential information without authorization...

CVSS 4.6 · AI score 5.5 · EPSS 0.00655
Exploits: 0 · References: 13 · Affected Software: 1

OSV
added 2016/06/26 1:59 a.m. · 3 views

CVE-2016-5087

Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations...

CVSS 4.4 · AI score 5.8 · EPSS 0.00621
Exploits: 0 · References: 2

NVD
added 2016/06/26 1:59 a.m. · 12 views

CVE-2016-5087

Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations...

CVSS 4.4 · AI score 4.8 · EPSS 0.00621
Exploits: 0 · References: 2

Prion
added 2016/06/26 1:59 a.m. · 12 views

Code injection

Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations...

CVSS 3.6 · AI score 7 · EPSS 0.00621
Exploits: 0 · References: 2 · Affected Software: 1