119 matches found
CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...
ROS-20240911-08
The vulnerability of the configobj ini file reader and writer is related to the placement of a malicious value into a server-side configuration file by a developer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
UBUNTU-CVE-2024-42138
In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file. In case of invalid INI file mlxsw_linecard_types_init deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred...
CVE-2024-42138 mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file. In case of invalid INI file mlxsw_linecard_types_init deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred...
SUSE CVE-2024-39917
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter MaxLoginRetry in /etc/xrdp/sesman.ini. However, this...
CVE-2024-2746 Incomplete fix for CVE-2024-1929
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
[SECURITY] Fedora 39 Update: python-configobj-5.0.8-6.fc39
ConfigObj is a simple but powerful configuration file reader and writer: an ini file round tripper. Its main feature is that it is very easy to use, with a straightforward programmer's interface and a simple syntax for config files...
SUSE CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
XAMPPv3.3.0-BOF
XAMPPv3.3.0-BOF Proof-of-Concept exploit code for XAMPP v3.3.0...
[SECURITY] Fedora 37 Update: python-configobj-5.0.8-6.fc37
ConfigObj is a simple but powerful configuration file reader and writer: an ini file round tripper. Its main feature is that it is very easy to use, with a straightforward programmer's interface and a simple syntax for config files...
PT-2023-26700 · Unknown · Shuize 0X727
Name of the Vulnerable Software and Affected Versions: ShuiZe 0x727 version 1.0 Description: A remote command execution issue was found in the component /iniFile/config.ini, allowing for potential exploitation. Recommendations: For ShuiZe 0x727 version 1.0, consider restricting access to the...
ShuiZe_0x727 Code Injection Vulnerability
ShuiZe_0x727 is an information gathering automation tool from the 0x727 team. A security vulnerability exists in ShuiZe_0x727 v1.0, which stems from a Remote Command Execution (RCE) vulnerability in the component /iniFile/config.ini...
TOTOLINK CA300-PoE Trust Management Issue Vulnerability
The TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK CA300-PoE version V6.2c.884, which originates from /etc/config/product.ini storing the password for the telnet service...
[SECURITY] [DLA 3209-1] ini4j security update
Debian LTS Advisory DLA-3209-1 https://www.debian.org/lts/security/ Markus Koschany November 28, 2022 https://wiki.debian.org/LTS Package: ini4j Version: 0.5.4-1deb10u1 CVE ID: CVE-2022-41404 It was discovered that ini4j, a Java library for handling the Windows ini...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
Prototype Pollution
conf-cfg-ini is vulnerable to prototype pollution. A malicious INI file can be parsed and decoded, as the library does not protect properties such as "__proto__", to pollute the global object prototype...
Prototype Pollution
ion-parser is vulnerable to prototype pollution. A remote attacker is able to pollute object creations by passing a crafted malicious payload to the parse function via a crafted INI file...
GHSA-M6MG-JVJF-W44X conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...