2857 matches found

CNNVD
added 2025/08/13 12:0 a.m., 1 views

NetOp Remote Control Client Security Vulnerability

NetOp Remote Control Client is a remote control software from the Danish company NetOp. A security vulnerability exists in NetOp Remote Control Client version 9.5, which stems from a stack buffer overflow when processing .dws configuration files, and could lead to the execution of arbitrary code...

8.4 CVSS, 7.4 AI score, 0.21721 EPSS
Exploits 0, References 8

ICS
added 2025/08/07 6:0 a.m., 3 views

Johnson Controls FX Server, FX80 and FX90 (Update A)

RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

6.6 AI score
Exploits 0, References 11

Tenable Nessus
added 2025/08/01 12:0 a.m., 1 views

SolarWinds Web Help Desk < 12.8.7 XXE Vulnerability

The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.7. It is, therefore, affected by a vulnerability. SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid,...

6.5 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/07/25 12:0 a.m., 2 views

NewStart CGSL MAIN 7.02 : c-ares Vulnerability (NS-SA-2025-0167)

The remote NewStart CGSL host, running version MAIN 7.02, has c-ares packages installed that are affected by a vulnerability: - c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASE...

5.5 CVSS, 7.2 AI score, 0.00055 EPSS
Exploits 0, References 3

Tenable Nessus
added 2025/07/25 12:0 a.m., 2 views

NewStart CGSL MAIN 7.02 : libeconf Multiple Vulnerabilities (NS-SA-2025-0131)

The remote NewStart CGSL host, running version MAIN 7.02, has libeconf packages installed that are affected by multiple vulnerabilities: - A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf allows for DoS via malformed configuration files Thi...

6.5 CVSS, 6.4 AI score, 0.00101 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/07/24 10:30 p.m., 6 views

CVE-2025-7766

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed...

8.6 CVSS, 8.3 AI score, 0.00476 EPSS
Exploits 2, References 1

IBM Security Bulletins
added 2025/07/23 10:40 a.m., 3 views

Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core through Malicious Configuration Files or Environment Variables

Summary: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

5.9 CVSS, 7.1 AI score, 0.00164 EPSS
Exploits 0, Affected Software 1

CNVD
added 2025/07/23 12:0 a.m., 3 views

Apache Jena Input Validation Error Vulnerability

Apache Jena is the Apache Software Foundation's open source Java framework for building semantic web and linked data applications. A file path validation vulnerability exists in Apache Jena 5.4.0 and earlier versions, which stems from a failure to validate file access paths in configuration files...

8.8 CVSS, 7 AI score, 0.00709 EPSS
Exploits 0, References 1

CVE
added 2025/07/22 9:44 p.m., 23 views

CVE-2025-7766

Lantronix Provisioning Manager is affected by an XML External Entity (XXE) vulnerability that allows unauthenticated remote code execution via XML configuration data. Public references within connected sources note an exploit PoC for Provisioning Manager

8.6 CVSS, 8.2 AI score, 0.00476 EPSS
Exploits 2, References 2

OSV
added 2025/07/21 12:30 p.m., 2 views

GHSA-XG9P-P463-3QJP Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

7.2 CVSS, 6.3 AI score, 0.00709 EPSS
Exploits 0, References 4

OSV
added 2025/07/21 10:15 a.m., 4 views

CVE-2025-50151

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

8.8 CVSS, 6.3 AI score
Exploits 0, References 2

Cvelist
added 2025/07/21 9:32 a.m., 7 views

CVE-2025-50151 Apache Jena: Configuration files uploaded by administrative users are not checked properly

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

0.00709 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/07/21 12:0 a.m., 7 views

PT-2025-30315

Name of the Vulnerable Software and Affected Versions: Netgear RAX30 version 1.0.10.94 3. Description: The USERLIMIT GLOBAL option is set to 0 in multiple bftpd-related configuration files, potentially leading to denial-of-service (DoS) attacks when an unlimited number of users connect. Recommendation...

7.5 CVSS, 6.6 AI score, 0.0038 EPSS
Exploits 0, References 8

RedhatCVE
added 2025/07/18 9:58 p.m., 8 views

CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

8.7 CVSS, 7.9 AI score, 0.01666 EPSS
Exploits 0, References 1

CNNVD
added 2025/07/17 12:0 a.m., 4 views

Lenovo Vantage Security Vulnerability

Lenovo Vantage is a computer management application from the Chinese company Lenovo. The program supports features such as driver updates, device status diagnostics, and computer configuration. A security vulnerability exists in Lenovo Vantage that stems from improper authentication and...

8.5 CVSS, 7.7 AI score, 0.00085 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/07/16 9:26 p.m., 4 views

CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

8.7 CVSS, 7.8 AI score, 0.01666 EPSS
Exploits 0, References 3

CVE
added 2025/07/16 9:26 p.m., 16 views

CVE-2025-34130

CVE-2025-34130 affects LILIN Digital Video Recorder (DVR) devices up to firmware version 2.0b60_20200207. An unauthenticated arbitrary file read via the endpoint /z/zbin/net_html.cgi allows reading sensitive files such as /zconf/service.xml, enabling further attacks including command injection. ...

8.7 CVSS, 7.3 AI score, 0.01666 EPSS
Exploits 0, References 3

ATTACKERKB
added 2025/07/16 9:26 p.m., 2 views

CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

8.7 CVSS, 5.8 AI score, 0.01666 EPSS
Exploits 0, References 4

CVE
added 2025/07/16 8:1 p.m., 19 views

CVE-2025-6982

CVE-2025-6982 affects TP-Link Archer C50 V3/V4/V5 firmware with hard-coded DES decryption keys, allowing offline decryption of config.xml and potential exposure of admin credentials and settings. Affected versions are V3 (<=180703), V4 (<=250117), and V5 (

6.9 CVSS, 6 AI score, 0.00102 EPSS
Exploits 0, References 4

CNNVD
added 2025/07/16 12:0 a.m., 2 views

LILIN Digital Video Recorder Security Vulnerability

LILIN Digital Video Recorder is a video recorder from LILIN Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b60_20200207, which originates from an arbitrary file read and could lead to the reading of sensitive configuration files...

8.7 CVSS, 6.5 AI score, 0.01666 EPSS
Exploits 0, References 3