2866 matches found
CVE-2007-0080
Buffer overflow in the SMBConnectServer function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMBHandleType instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that...
Insecure Direct Object Reference
The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...
File Inclusion Vulnerability in e-Government Platform of Shanghai Jofan Information Technology Co.
The eGovernment platform is an office system. A file inclusion vulnerability exists in the e-government platform of Shanghai Zhuo Fan Information Technology Co., Ltd, which allows attackers to obtain sensitive information such as configuration files by guessing the file directory...
RSA Web Threat Detection AnnoDB Password Vulnerability
RSA Web Threat Detection is a big data and security analytics solution. RSA Web Threat Detection has a security vulnerability that allows an attacker to obtain AnnoDB database passwords by viewing system configuration files...
WordPress mTheme-Unus Local File Inclusion Exploit
WordPress mTheme-Unus theme versions prior to 2.3 suffer from a local file inclusion vulnerability. Exploit Title: Wordpress themes mTheme-Unus LFI Vulnerability Date: 2015-09-27 Exploit Author: FullSecurity.org Google Dork: ilnurl:/wp-content/themes/mTheme-Unus/ Vendor Homepage:...
McAfee Threat Intelligence Exchange Secondary Server Information Disclosure Vulnerability
McAfee Threat Intelligence Exchange (TIE) is a unified threat defense system from the US company McAfee that provides security recovery and infection defense capabilities. The system provides comprehensive threat intelligence awareness, instant understanding of the trails of advanced...
Information disclosure
The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files...
A vulnerability in the firmware of the Cisco TelePresence Video Communication Server allows an intruder to circumvent existing restrictions on access to configuration files.
The vulnerability in the firmware of the Cisco TelePresence Video Communication Server lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, who operates remotely and has completed the authentication process, to circumvent existi...
Modular visual interface for GDB: GDB dashboard
Modular visual interface for GDB in Python. This comes as a standalone single-file .gdbinit which, among other things, enables a configurable dashboard showing the most relevant information during the program execution. Its main goal is to reduce the number of GDB commands issued to inspect th...
Unauthorized download of configuration file vulnerability in routers belonging to Shenzhen New Greenlight Communication Technology Co., Ltd.
Shenzhen New Greenlight Communication Technology Co., Ltd. is a national high-tech enterprise invested and founded by Futong Group. An unauthorized configuration file download vulnerability exists in the router belonging to Shenzhen New Greenlight Communication Technology Co. via, allowing attackers to utilize the code to get sensitive information...
Amazon Linux: Security Advisory (ALAS-2013-250)
The remote host is missing an update for the...
802.11 Massive Monitoring: WiWo
wiwo is a distributed 802.11 monitoring and injecting system that was designed to be simple and scalable, in which all worker nodes can be managed by a Python framework. Building the worker: Requirements: Install necessary requirements. $ sudo apt-get install build-essential git subversion...
Design/Logic Flaw
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531...
CVE-2015-6261
Cisco TelePresence Video Communication Server Expressway X8.5.2 contains CVE-2015-6261: remote authenticated users with the Mobile and Remote Access (MRA) role can bypass access controls and read configuration files by initiating a TFTP session. Root cause is lack of TFTP authentication/controls ...
Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability
A vulnerability in TFTP in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain unauthorized access to configuration files from the device by using TFTP. The vulnerability is due to lack of TFTP authentication and control for the...
Netop Remote Control 11.52 / 12.11 Credential Issue
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-025 Product: Netop Remote Control Vendor: Netop Affected Versions: 11.52, 12.11 Tested Versions: 11.52, 12.11 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Insufficiently Protected Credentials CWE-522 Risk...
Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update
Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having a Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Arbitrary File Read Vulnerability in Jinhe IOAS Standard Office System for SMEs
Beijing Jinhe Network Co., Ltd. is an enterprise that provides informationization solutions and collaborative management software, and IOAS Standard Office System for Small and Medium-sized Enterprises is one of the products of Beijing Jinhe Network Co. IOAS is a product of Beijing JinHe Network...