82 matches found
CVE-2024-10100
A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...
CVE-2019-10343
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied...
CVE-2024-52792 Arbitrary config values override in lam
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2024-8889
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the...
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Impact: Authenticated user that has access to edit Forms may inject unsafe code into Forms components. Patches: Issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to patched versions 13.0.1, 12.2.2, 10.5.3, 8.13.13. References...
CVE-2024-3774
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values...
PT-2024-27727 · Aenrich Technology · A+Hrd
Name of the Vulnerable Software and Affected Versions: aEnrich Technology a+HRD (affected versions not specified). Description: The issue concerns a lack of proper restrictions on a specific parameter in the front-end retrieval of system configuration values. This allows attackers to modify the...
git: arbitrary configuration injection when renaming or deleting a section from a configuration file
A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...
DRUPAL-CONTRIB-2023-006
This module enables you to add social sharing buttons to a site. The module doesn't sufficiently sanitize the weight and ratio values entered in the module or block configuration. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks"...
SUSE CVE-2004-1076
Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file...
CVE-2022-33194
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...
Arbitrary Code Execution
Apache Commons Text is vulnerable to Arbitrary Code Execution. The vulnerability exists in the lookup module due to insecure interpolation defaults when untrusted configuration values are used which allows an attacker to inject arbitrary code into the system...
TCL LinkHub Mesh Wi-Fi security vulnerability
TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...
PT-2022-16422 · Tcl · Tcl Linkhub Mesh Wi-Fi
Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14. Description: A buffer overflow issue exists in the GetValue functionality. This can be triggered by a specially-crafted configuration value, allowing an attacker to modify the configuration and cause a...
CVE-2021-34590
Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed...
Cross site scripting
Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed...
CVE-2021-34590 Bender Charge Controller: Cross-site Scripting
Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed...