2867 matches found
CVE-2016-5087
Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations...
CVE-2016-5087
The CVE-2016-5087 issue affects Alertus Desktop Notification for OS X prior to version 2.9.31.1710, where insecure default permissions on configuration and other files allow a local unprivileged user to disable emergency notifications or alter content. The root cause is weak file permissions; imp...
Trane Tracer SC Sensitive Information Exposure Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an information exposure vulnerability in Trane U.S. Inc.’s Tracer SC field panel. Trane U.S. Inc. has produced an update to mitigate this vulnerability. Maxim Rupp has tested the update to validate that it resolves the vulnerability. This...
KMC Controls BAC-5051E Cross-Site Request Forgery Vulnerability
KMC Controls BAC-5051E is a router product for use in building automation systems from KMC Controls, USA. A cross-site request forgery vulnerability exists in the KMC Controls BAC-5051E using firmware versions prior to E0.2.0.2. A remote attacker could exploit this vulnerability to disclose the...
KMC Controls BAC-5051E Security Bypass Vulnerability
KMC Controls BAC-5051E is a router product for use in building automation systems from KMC Controls, USA. A security vulnerability exists in the KMC Controls BAC-5051E using firmware versions prior to E0.2.0.2. A remote attacker could use this vulnerability to bypass established access restrictio...
CVE-2016-4495
CVE-2016-4495 affects KMC Controls BAC-5051E routers with firmware prior to E0.2.0.2. The issue allows remote attackers to bypass access restrictions and read a configuration file via unspecified vectors. NVD/NIST records a CVSS v3 base score of 5.3 (Network, low complexity, no privileges require...
Moxa EDR G903 Router Multiple Vulnerabilities
Moxa EDR G903 Router is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:moxa:edr-g903";...
WordPress Simple Backup 2.7.11 Plugin - Multiple Vulnerabilities
Exploit for php platform in category web applications Meta information Exploit Title: Wordpress plugin simple-backup - Multiple vulnerabilities Date: 2016-06-02 Exploit Author: PizzaHatHacker A gmail . com Vendor Homepage: DEAD LINK https://wordpress.org/plugins/simple-backup/ Software Link: DEAD...
An arbitrary file read vulnerability record - vulnerability warning - the black bar safety net
Black-box testing found that an interface has an arbitrary file read vulnerability. The first thing to determine is whether it is a file read or a file inclusion, because file_get_contents("/etc/passwd") and include("/etc/passwd") may behave the same from a black-box point of view. And file inclusion is c...
CVE-2016-0875
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL...
CVE-2016-0879
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL...
CVE-2016-0875
CVE-2016-0875 affects Moxa EDR-G903 Secure Router devices (prior to firmware version 3.4.12). The vulnerability stems from improper access control that allows remote attackers to read configuration and log files by requesting a crafted URL. Public references describe affected products as EDR-G903...
Moxa EDR-G903 Information Disclosure Vulnerability
Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in Moxa EDR-G903 V3.4.11 and earlier versions. The vulnerability can be exploited by a remote attacker to obtain plaintext passwords in configuration files...
Protocol Learning and Stateful Fuzzing: Pulsar
Pulsar is a network fuzzer with automatic protocol learning and simulation capabilities. The tool models a protocol through machine learning techniques, such as clustering and hidden Markov models. These models can be used to simulate communication between Pulsar and a real client or serv...
The vulnerability of the Debian GNU/Linux operating system allows a perpetrator to read arbitrary files in the configuration directory.
The vulnerability in the xymond component of the Debian GNU/Linux operating system is related to the lack of protection for configuration data. Exploiting this vulnerability allows a malicious actor to read arbitrary files from the configuration directory using the “config” command...
Multiple CCTV-DVR Vendors RCE Vulnerability - Active Check
The remote CCTV-DVR system is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Firmware File System Extraction: firmwalker
A simple bash script for searching the extracted or mounted firmware file system. It will search through the extracted or mounted firmware file system for things of interest such as: etc/shadow and etc/passwd; list out the etc/ssl directory; search for SSL related files such as .pem, .crt, etc...
UBUNTU-CVE-2016-2055
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...
CVE-2015-8399
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action...