63 matches found
CVE-2023-45208
A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...
UNISOC chipset 安全漏洞
The UNISOC chipset is an integrated circuit chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC chipset that stems from a lack of privilege checking in the power management service, which could result in setting up the power management service without additiona...
CVE-2022-33202
Authentication bypass vulnerability in the setup screen of L2Blockeron-premise Ver4.8.5 and earlier and L2BlockerCloud Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative path...
DEBIAN-CVE-2022-23134
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
Antilles 代码问题漏洞
Lenovo Antilles is an open-source infrastructure management software for high performance computing Hpc from Lenovo, China. A security vulnerability exists in versions of Antilles open-source software prior to 1.0.1, which stems from the non-existence of packages listed in requirements.txt in the...
SAP Setup 安全漏洞
SAP ERP is a series of software for ERP management from SAP, a German company. A security vulnerability exists in SAP Setup version-9.0. Unreferenced service paths could lead to privilege escalation during the installation process performed when registering the executable. This could further lead...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2020-44278)
Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in the Setup of Mobil...
CVE-2020-9462
An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further...
CVE-2020-4018
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...
TP-Link TL-WA855RE login.json Authentication Privilege Elevation Improper Vulnerability
The TP-Link TL-WA855RE is a wireless network signal extender from China P&L TP-Link. A security vulnerability exists in the initial setup process in the TP-Link TL-WA855RE, which stems from the program failing to properly validate the initial setup request. The vulnerability can be exploited by a...
CSRF in the setup resources - CVE-2020-4018
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...
CSRF in the setup resources - CVE-2020-4018
The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...
CVE-2019-5220
There is a Factory Reset Protection FRP bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected...
CVE-2019-9002
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the databasehost parameter if the installer remains present in its original directory after installation is completed...
DEBIAN-CVE-2013-7203
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup...
CVE-2018-7271
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...
ovirt-hosted-engine-setup information disclosure vulnerability
ovirt-hosted-engine-setup is a web hosting engine installation tool. An information disclosure vulnerability exists in versions of ovirt-hosted-engine-setup prior to 2.2.7. An attacker can exploit this vulnerability to obtain the root user password in a log file...
CVE-2017-16551
K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way...
The vulnerability of the lp_setup() function in the Secure Boot environment loader of the Linux operating system allows a hacker to cause a system failure.
The vulnerability of the lpsetup function, a loader for the Secure Boot mechanism in Linux kernel, arises from writing beyond buffer boundaries. The Linux driver/char/lp.c code does not perform boundary checking on the parportnr array. Exploiting this vulnerability could allow an attacker to caus...
ovirt-engine-reports: setup script logs database password in cleartext
The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports rhevm-reports package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file...