76 matches found

RedHat Linux
added 2024/01/25 8:1 a.m. · 2 views

git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...

CVSS 7.8 · AI score 7.3 · EPSS 0.00149
Exploits 0 · References 5

Positive Technologies
added 2024/01/01 12:0 a.m. · 4 views

PT-2024-15286 · Pure Storage · Flasharray Purity

Name of the Vulnerable Software and Affected Versions: FlashArray Purity (affected versions not specified). Description: A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active, potentially allowing a malicious actor to gain elevated...

CVSS 10 · AI score 7 · EPSS 0.02195
Exploits 1 · References 11

Vulnrichment
added 2023/07/07 2:13 a.m. · 10 views

CVE-2023-35890 IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...

CVSS 5.1 · AI score 6.1 · EPSS 0.00013
Exploits 0 · References 2

Positive Technologies
added 2023/07/07 12:0 a.m. · 3 views

PT-2023-25365 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0. Description: The issue is caused by improper encoding in a local configuration file, which could provide weaker than expected security. Recommendations: For IBM WebSphere Application...

CVSS 5.5 · AI score 5 · EPSS 0.00013
Exploits 0 · References 6

CNNVD
added 2023/06/29 12:0 a.m. · 2 views

IBM WebSphere Application Server Encryption Issue Vulnerability

IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere...

CVSS 5.5 · AI score 5.6 · EPSS 0.00013
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:11 a.m. · 2 views

SUSE CVE-2015-8508

Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug...

CVSS 4.7 · AI score 5.8 · EPSS 0.00401
Exploits 1 · References 2

OSV
added 2022/08/10 6:31 p.m. · 2 views

USN-5367-1 fish vulnerability

Justin Steven discovered that fish was not properly filtering local git configuration directives when running background git commands. A remote unauthenticated attacker could possibly use this issue to execute arbitrary code...

CVSS 7.8 · AI score 7.3 · EPSS 0.0028
Exploits 0 · References 2

CNVD
added 2022/06/28 12:0 a.m. · 21 views

MELAG FTP Server Information Disclosure Vulnerability

MELAG FTP Server is an FTP server from MELAG Germany. An information disclosure vulnerability exists in MELAG FTP Server version 2.2.0.4, which stems from storing the unencrypted password of an FTP user in a local configuration file. An attacker could exploit this vulnerability to obtain sensitive...

CVSS 2.1 · AI score 1.5 · EPSS 0.00059
Exploits 1 · Affected Software 1

NVD
added 2022/06/24 12:15 p.m. · 15 views

CVE-2021-41639

MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file...

CVSS 5.5 · EPSS 0.00059
Exploits 1 · References 1

OSV
added 2022/06/24 12:15 p.m. · 2 views

CVE-2021-41637

Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users...

CVSS 7.1 · AI score 5.8 · EPSS 0.00038
Exploits 1 · References 1

OSV
added 2022/06/24 12:15 p.m. · 2 views

CVE-2021-41639

MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 1

Prion
added 2022/06/24 12:15 p.m. · 14 views

Design/Logic Flaw

MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file...

CVSS 2.1 · AI score 5.4 · EPSS 0.00059
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2022/06/24 12:0 a.m. · 3 views

MELAG FTP Server Security Vulnerability

MELAG FTP Server is an FTP server from MELAG Germany. An information disclosure vulnerability exists in MELAG FTP Server version 2.2.0.4, which stems from storing the unencrypted password of an FTP user in a local configuration file. An attacker could exploit this vulnerability to obtain sensitive...

CVSS 5.5 · AI score 5.5 · EPSS 0.00059
Exploits 1 · References 2

Positive Technologies
added 2022/05/17 12:0 a.m. · 6 views

PT-2022-10829 · Linux Mint +1 · Linuxmint +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A race condition exists in the 'replaced executable' detection. This issue can be exploited, with the correct local configuration, to allow an attacker ...

CVSS 7.8 · AI score 7.3 · EPSS 0.02245
Exploits 0 · References 26

OSV
added 2022/04/20 4:15 p.m. · 0 views

CVE-2022-26519

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials...

CVSS 5.5 · AI score 6.1
Exploits 0 · References 1

Cvelist
added 2022/04/20 3:30 p.m. · 18 views

CVE-2022-26519 Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials...

CVSS 5.5 · AI score 5.7 · EPSS 0.00039
Exploits 0 · References 1

ATTACKERKB
added 2022/03/10 5:47 p.m. · 2 views

CVE-2022-25215

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add or remove client MAC addresses to or from a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself...

CVSS 5.3 · AI score 6.1 · EPSS 0.00386
Exploits 1 · References 2

Positive Technologies
added 2022/03/07 12:0 a.m. · 3 views

PT-2022-17154 · Phicomm · K2 Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided. Description: The issue concerns improper access control on the LocalMACConfig.asp interface. This allows an unauthenticated remote attacker to modify a list of banned hosts by adding or...

CVSS 5.3 · AI score 5.2 · EPSS 0.00386
Exploits 1 · References 2

PyPA
added 2021/09/10 10:15 p.m. · 3 views

PYSEC-2021-330

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...

CVSS 9.8 · AI score 8 · EPSS 0.36239
Exploits 4 · References 4 · Affected Software 1

Prion
added 2020/10/19 7:15 p.m. · 15 views

Input validation

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access ...

CVSS 7.2 · AI score 6.6 · EPSS 0.00129
Exploits 0 · References 1 · Affected Software 1