Information Exposure
Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Information Exposure via the backup process. An unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST...
RUSTSEC-2025-0139 theshit vulnerable to unsafe loading of user-owned Python rules when running as root
The application loads custom Python rules and configuration files from user-writable locations (e.g., /.config/theshit/) without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues...
theshit vulnerable to unsafe loading of user-owned Python rules when running as root
The application loads custom Python rules and configuration files from user-writable locations (e.g., /.config/theshit/) without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues...
PT-2025-54217
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations (e.g., /.config/theshit/) without validating ownership or permissions when...
CVE-2019-25239
V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint,...
CVE-2018-25145
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/mcli/', and '/tmp' to access syst...
CVE-2019-25239
CVE-2019-25239 affects V-SOL GPON/EPON OLT Platform 2.03. An unauthenticated information disclosure allows downloading sensitive configuration data by requesting the usrcfg.conf endpoint via HTTP GET, potentially enabling authentication bypass and system access. This is supported by multiple sour...
CVE-2018-25145 Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/mcli/', and '/tmp' to access syst...
CVE-2018-25145
The CVE concerns Microhard Systems IPn4G 1.1.0, where an authenticated user can download sensitive configuration files via a configuration-disclosure vulnerability. The affected component is the device’s configuration storage, accessible from multiple directories including '/www', '/etc/m_cli/', and '...
PT-2025-53325
Name of the Vulnerable Software and Affected Versions: V-SOL GPON/EPON OLT Platform version 2.03. Description: The software contains an information disclosure issue that allows unauthorized access to configuration files. Attackers can obtain sensitive configuration data by sending HTTP GET requests ...
PT-2025-53365
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m cli/', and '/tmp' to access...
V-SOL GPON/EPON OLT Platform security vulnerability
V-SOL GPON/EPON OLT Platform is an optical line terminal management platform from China Semiconductor V-SOL. A security vulnerability exists in V-SOL GPON/EPON OLT Platform version 2.03, which originates from unauthenticated information disclosure and could result in the downloading of...
CVE-2025-65011
In the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28), an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...
CVE-2025-65011 Unauthorized Access to files in WODESYS WD-R608U router
In the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28), an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...
CVE-2025-65011
CVE-2025-65011 relates to the WODESYS WD-R608U router (aka WDR122B V2.0, WDR28). The observed issue is that an unauthorised user can view configuration files by directly referencing the vulnerable resource, indicating a disclosure/callback exposure due to insufficient access control. The Red Hat ...
TP-Link WA850RE security vulnerability
TP-Link WA850RE is a wireless signal extender from China P&L TP-Link. A security vulnerability exists in the TP-Link WA850RE V2160527 and prior versions, which stems from improper authentication of the httpd module and could result in the downloading of configuration files...