2866 matches found
CVE-2015-8399
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action...
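Hsort Newspaper Management System Directory Traversal Vulnerability
0x01 Framework introduction: HSORT provides digital newspapers, electronic newspapers, e-magazines, news website systems and online newspaper-reading software, and helps newspaper offices, government bodies, universities, corporate groups and other organizations build multimedia networked platforms. The whole system is based on Microsoft's latest .NET 3.5 architecture, can be easily extended and customized, and is extremely stable, so you can use it without worry. A professional team serves your newspaper. Through plug-ins, it can easily parse PS files from Founder and other vendors, convert them to images and upload them to the system. It is software for publishing and updating digital editions of newspapers and magazines: you only need to apply simple markup to plain text containing the article content, and the software quickly generates the whole site's content from templates, which greatly improves update efficiency and avoids the errors that manual updates are prone to. It is a good helper for small and medium-sized newspapers and magazines building and updating their own digital-edition websites...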
SUSE SLES11 Security Update : quagga (SUSE-SU-2016:0954-1)
This update for quagga fixes one security issue: - bsc770619: Disallow unprivileged users to enter config directory /etc/quagga (group: quagga, mode: 750) and read configuration files installed there (group: quagga, mode: 640). Note that Tenable Network Security has extracted the preceding descripti...
Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerability
The Eaton Lighting Systems EG2 Web Control is a controller product from Eaton Lighting Systems USA for Internet and Wi-Fi LAN connections to the iLumin network. An authentication bypass vulnerability exists in Eaton Lighting Systems EG2 Web Control V4.04P and prior versions. A remote attacker cou...
SUSE-SU-2016:0953-1 Security update for quagga
This update for quagga fixes one security issue: - bsc770619: Disallow unprivileged users to enter config directory /etc/quagga (group: quagga, mode: 750) and read configuration files installed there (group: quagga, mode: 640)...
Directory traversal
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors...
CVE-2016-2289
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors...
CVE-2016-2289
ICONICS WebHMI (versions 9 and earlier) suffers a directory traversal flaw (CWE-22) that enables remote attackers to read configuration files and obtain password hashes. Multiple sources (NVD CVE-2016-2289; CNVD-2016-01984; PRION/CVE-2016-2289; ICSA-16-091-01) describe the vulnerability as exploi...
Firmwalker - Script for searching the extracted firmware file system for goodies!
A simple bash script for searching the extracted or mounted firmware file system. It will search through the extracted or mounted firmware file system for things of interest such as: etc/shadow and etc/passwd; list out the etc/ssl directory; search for SSL related files such as .pem, .crt, etc...
Shopify: File name and folder enumeration.
Hello, An attacker can enumerate your sensitive files and folders, such as configuration file names, via the timezone parameter in cube.csv: GET...
Xymon Information Disclosure Vulnerability
Xymon is an open source, cross-platform network monitoring application. The operational status of each server can be viewed through a web page, and the application supports Email and SMS notification. There is a security vulnerability in Xymon. This vulnerability can be exploite...
SeaWell Networks Spectrum - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: SeaWell Networks Spectrum - Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: http://www.seawellnetworks.com/spectrum/ Versions Reported: Spectrum SDC 02.05.00, Build 02.05.00.0016 CVE-ID: CVE-2015-8282...
Atlassian Confluence XSS and Insecure Direct Object Reference Vulnerabilities
Atlassian Confluence is prone to cross site scripting and insecure direct object reference vulnerabilities.
Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities
Exploit for php platform in category web applications Systems Affected Product : Confluence Company : Atlassian Versions 1 : 5.2 / 5.8.14 / 5.8.15 CVSS Score 1 : 6.1 / Medium classified by vendor Versions 2 : 5.9.1 / 5.8.14 / 5.8.15 CVSS Score 2 : 7.7 / High classified by vendor Product Descripti...
ZTE ZXHN H108N R1A devices information disclosure vulnerability
The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. An information disclosure vulnerability exists in the ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE version and the ZXV10 W300 W300V1.0.0fER1PE. Allows remote attackers to bypass predetermined access rights and discov...
Scientific Linux Security Update : grub2 on SL7.x x86_64 (20151215)
A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system. (CVE-2015-8370) This update also fixes the...
CentOS 7 : grub2 (CESA-2015:2623)
Updated grub2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2015-8482
CVE-2015-8482 affects the Blue Coat Unified Agent prior to 4.6.2. In local enforcement mode, the agent does not prevent modification of its configuration files, allowing a locally privileged administrator to unblock categories or disable the agent via unspecified vectors. The issue is mitigated b...
Two New Strains of POS Malware, Cherry Picker, Abaddon, Surface
Point of sale malware has gotten more sophisticated as we inch closer to the two-year anniversary of the Target data breach. Now, two weeks from the biggest shopping day of the year, two new and different strains of point of sale malware have come to light, including one that’s gone largely...