130 matches found
PT-2024-3258 · Keenetic · Keenetic Kn-1810 +4
Name of the Vulnerable Software and Affected Versions: Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 versions up to 4.1.2.15 Description: A vulnerability was found in the file /ndmComponents.js of the component Configuration Setting Handler, which can lead to information disclosure. Th...
CVE-2023-6154
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...
CVE-2023-6154 Local privilege escalation in Bitdefender Total Security (VA-11168)
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...
CVE-2023-6154
CVE-2023-6154 affects Bitdefender Total Security, Internet Security, Antivirus Plus, and Antivirus Free (all reported as 27.0.25.114). Root cause: a configuration setting issue in seccenter.exe that allows an attacker to change the product’s expected behavior and potentially load a third‑party li...
CVE-2023-6154 Local privilege escalation in Bitdefender Total Security (VA-11168)
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...
BIT-ROUNDCUBE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...
Apache Archiva Security Vulnerability
Apache Archiva is a suite of software from the Apache USA Foundation for managing one or more remote repositories. The software provides remote Repository agents, role-based secure access management, and usage reporting. A security vulnerability exists in Apache Archiva that stems from a setting...
Apache Airflow Code Execution Vulnerability (CNVD-2024-26531)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A code execution vulnerability exists in Apache Airflow versions prior to 2.8.1,...
savignano S/Notify Security Vulnerabilities
savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 2.0.1 that originates from a configuration setting that can be modified via a cross-site request forgery CSRF...
Xxe
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4704 External Control of System or Configuration Setting in instantsoft/icms2
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4704 External Control of System or Configuration Setting in instantsoft/icms2
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-28483
An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
CVE-2023-35928 Nextcloud user scoped external storage can be used to gather credentials of other users
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until...
Roundcube Webmail Remote Code Execution Vulnerability
Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...
CVE-2018-25085 Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting
A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsivemenusadminformsubmit of the file responsivemenus.module of the component Configuration Setting Handler. The manipulation leads to cross site...
CVE-2022-39887
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting...
Apache Spark Unauthenticated Command Injection RCE
This module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs...
CVE-2022-21999 SpoolFool Privesc
The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM. The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable for all users, and it can be configured via...
Design/Logic Flaw
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak...