2857 matches found
CVE-2013-0651
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...
CVE-2019-19224
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to download the configuration binary file settings by submitting a rom-0 GET request without being authenticated on the admin interface...
CVE-2019-10990
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...
CVE-2018-20094
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java...
CVE-2015-9431
The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x jsonconfigfiles or jsoncustomi18nconfig parameter...
CVE-2017-1000192
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information...
CVE-2019-6175
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations...
CVE-2019-18335
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an...
CVE-2018-25095
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...
CVE-2018-16498
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...
PT-2025-22370
Name of the Vulnerable Software and Affected Versions ns backup extension for TYPO3 version 13.0.0 and earlier Description The issue concerns a Predictable Resource Location in the ns backup extension for TYPO3. This allows an unauthenticated remote user to download created backups and...
Security Bulletin: Vulnerability in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The...
Znuny 安全漏洞
Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny 7.1.3 and prior versions, which stems from improperly written configuration files and could lead to command injection...
Ensure That the Permissions on Important Files and Directories Are Minimized
According to the principle of least privilege, the minimum access permission must be correctly set for key files or directories in the system, especially those containing sensitive information. Only users with relevant permissions can access these files or directories. If the file or directory...
Ensure That the LD_LIBRARY_PATH Environment Variable Is Correctly Defined
LDLIBRARYPATH is an environmental variable in Linux. When loading a dynamic link library, the program preferentially obtains the library from the path specified by LDLIBRARYPATH. Generally, LDLIBRARYPATH should not be set, because a maliciously set value will make the program link to an incorrect...
Configure Audit Rules for SELinux
SELinux is a mandatory access control function component of Linux. It is used to implement fine-grained permission control on processes and files. You are advised to audit configurations of SELinux configuration files and policy files and record modification logs. If SELinux audit is not...
A Rusty Link in the AI Supply Chain: Detecting Evil Configurations in Model Repositories
Recent advancements in large language models LLMs have spurred the development of diverse AI applications from code generation and video editing to text generation; however, AI supply chains such as Hugging Face, which host pretrained models and their associated configuration files contributed by...
CVE-2025-46568
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references t...
Bosch Rexroth ctrlX OS 安全漏洞
Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, an open control platform designed for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that stems from improper handling of user configuration files, which could lead t...
Bosch Rexroth ctrlX OS 安全漏洞
Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, an open control platform designed for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that originates from a specially crafted HTTP request in the network interface...