2857 matches found
CVE-2024-8459
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials...
CVE-2024-8453
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords...
CVE-2024-6394
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the servejs function in app.py, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files ...
CVE-2024-8459
The CVE-2024-8459 entry concerns PLANET Technology switch models where SNMPv3 users’ passwords are stored in plaintext in configuration files. The root cause is cleartext storage in the device configuration, enabling remote administrators (with high privileges) to read the file and obtain credent...
CVE-2024-8459 PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials...
CVE-2024-8453 PLANET Technology switch devices - Weak hash for users' passwords
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords...
CVE-2024-8453
CVE-2024-8453 concerns PLANET Technology switch devices where passwords are hashed with an insecure, unsalted hashing function. The affected components are PLANET Technology switch models; the vulnerability arises from using a hash function that does not salt, enabling an attacker with administr...
LoLLMs Security Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to v9.8, which stems from unverified path concatenation in the servejs function in app.py. An attacker exploiting this vulnerability can...
PLANET switch devices Security Vulnerability
PLANET switch devices are a series of switch devices from PLANET China. A security vulnerability exists in PLANET switch devices that stems from SNMPv3 user passwords being stored in plaintext in a configuration file, allowing a remote attacker with administrator privileges to read the file and...
Foxit PDF Reader Elevation of Privilege Vulnerability
Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. An elevation of privilege vulnerability exists in Foxit PDF Reader, which stems from not properly assigning privileges when handling configuration files, and can be exploited by an attacker to elevate...
Agnai File Disclosure Vulnerability: JSON via Path Traversal
CWE-35: Path Traversal https://cwe.mitre.org/data/definitions/35.html CVSSv3.1 4.3 - Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Summary A vulnerability has been discovered in Agnai that permits attackers to read arbitrary JS...
GHSA-H355-HM5H-CM8H Agnai File Disclosure Vulnerability: JSON via Path Traversal
CWE-35: Path Traversal https://cwe.mitre.org/data/definitions/35.html CVSSv3.1 4.3 - Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Summary A vulnerability has been discovered in Agnai that permits attackers to read arbitrary JS...
CVE-2024-47170 Agnai File Disclosure Vulnerability: JSON via Path Traversal
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information an...
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...
EulerOS 2.0 SP8 : c-ares (EulerOS-SA-2024-2458)
According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as /etc/resolv.conf,...
CVE-2024-6786
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets...
CVE-2024-20430 Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco Meraki Systems Manager SM Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this...