
2857 matches found

Cvelist
added 2025/08/28 8:27 a.m. · 6 views

CVE-2025-52460

Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker...

CVSS 6.9 · EPSS 0.00085
Exploits 0 · References 2
CVE
added 2025/08/28 8:27 a.m. · 9 views

CVE-2025-52460

CVE-2025-52460 affects SS1 (DOS CO) versions 16.0.0.10 and earlier (Media 16.0.0a and earlier). The issue enables remote, unauthenticated access to uploaded files and SS1 configuration files due to files/directories accessible to external parties. Affected products are SS1 Ver.16.0.0.10 and earli...

CVSS 6.9 · AI score 5.4 · EPSS 0.00085
Exploits 0 · References 2
Positive Technologies
added 2025/08/28 12:0 a.m. · 1 views

PT-2025-34973

Name of the Vulnerable Software and Affected Versions: SS1 versions 16.0.0.10 and earlier; SS1 Media versions 16.0.0a and earlier. Description: An issue exists where files or directories are accessible to external parties. Exploitation may allow a remote, unauthenticated attacker to access uploaded...

CVSS 6.9 · AI score 5.8 · EPSS 0.00085
Exploits 0 · References 5
Vulnrichment
added 2025/08/27 10:25 a.m. · 1 views

CVE-2025-30063 Excessive permissions on configuration files containing database logins and passwords

The configuration file containing database logins and passwords is readable by any local user...

CVSS 9.4 · AI score 7.1 · EPSS 0.00026
Exploits 0 · References 1
CISA KEV Catalog
added 2025/08/25 12:0 a.m. · 33 views

Git Link Following Vulnerability

Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files...

CVSS 8 · AI score 6.9 · EPSS 0.00603
In wild · Exploits 9
Cvelist
added 2025/08/21 8:9 p.m. · 14 views

CVE-2010-20109 Barracuda Spam & Virus Firewall "locale" Path Traversal

Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the viewhelp.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal...

CVSS 8.7 · EPSS 0.55275
Exploits 0 · References 4
RedhatCVE
added 2025/08/21 12:26 a.m. · 5 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVSS 5.3 · AI score 7.7 · EPSS 0.0015
Exploits 1 · References 1
Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-14371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker...

CVSS 7.5 · AI score 7.2 · EPSS 0.01625
Exploits 0 · References 2
Github Security Blog
added 2025/08/19 10:24 p.m. · 5 views

Default Credentials in nginx-defender Configuration Files

Impact: This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files (config.yaml, docker-compose.yml) contain default credentials (defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123). If users deploy nginx-defender without changing these...

CVSS 6.5 · AI score 6.8 · EPSS 0.00068
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/08/19 7:52 p.m. · 1 views

CVE-2025-55740 Default Credentials in nginx-defender Configuration Files

nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

CVSS 6.5 · AI score 7 · EPSS 0.00068
Exploits 0 · References 3
Cvelist
added 2025/08/19 7:52 p.m. · 9 views

CVE-2025-55740 Default Credentials in nginx-defender Configuration Files

nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

CVSS 6.5 · EPSS 0.00068
Exploits 0 · References 1
Cvelist
added 2025/08/19 12:0 a.m. · 6 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

EPSS 0.0015
Exploits 1 · References 1
Vulnrichment
added 2025/08/19 12:0 a.m. · 2 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

AI score 7.6 · EPSS 0.0015
Exploits 1 · References 1
GitLab Advisory Database
added 2025/08/19 12:0 a.m. · 6 views

Default Credentials in nginx-defender Configuration Files

This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files (config.yaml, docker-compose.yml) contain default credentials (defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123). If users deploy nginx-defender without changing these defaults,...

CVSS 6.5 · AI score 7.3 · EPSS 0.00068
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2025/08/19 12:0 a.m. · 5 views

PT-2025-33862 · Unknown · Nginx-Defender

Name of the Vulnerable Software and Affected Versions: nginx-defender versions prior to 1.5.0. Description: nginx-defender deployments are susceptible to a configuration issue due to the presence of default credentials in example configuration files, such as config.yaml and docker-compose.yml. The...

CVSS 6.5 · AI score 7.5 · EPSS 0.00068
Exploits 0 · References 8
CVE
added 2025/08/19 12:0 a.m. · 17 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability in a web‑exposed script. A remote attacker can supply a crafted path parameter to read arbitrary files from the filesystem via directory traversal (e.g., ../../../), without authentication or proper path handling. Potentia...

CVSS 5.3 · AI score 7.6 · EPSS 0.0015
Exploits 1 · References 1 · Affected Software 1
OSV
added 2025/08/18 8:3 a.m. · 2 views

BIT-HELM-2025-55198 Helm May Panic Due To Incorrect YAML Content

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

CVSS 6.5 · AI score 7 · EPSS 0.00095
Exploits 0 · References 3
OSV
added 2025/08/13 11:23 p.m. · 3 views

CVE-2025-55198 Helm May Panic Due To Incorrect YAML Content

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

CVSS 6.5 · AI score 6.4 · EPSS 0.00095
Exploits 0 · References 4
NVD
added 2025/08/13 9:15 p.m. · 6 views

CVE-2011-10012

NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute...

CVSS 8.4 · EPSS 0.21721
Exploits 0 · References 7
Cvelist
added 2025/08/13 8:35 p.m. · 8 views

CVE-2011-10012 NetOp Remote Control Client 9.5 .dws File Buffer Overflow

NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute...

CVSS 8.4 · EPSS 0.21721
Exploits 0 · References 7