CVE-2019-25227

Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/systemconfigfile management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration...

Tellion HN-2204AP 访问控制错误漏洞

The Tellion HN-2204AP is a wireless access point device from Tellion. An access control error vulnerability exists in the Tellion HN-2204AP that originates in the /cgi-bin/systemconfigfile management endpoint to remotely retrieve a compressed configuration archive without authentication, which...

jboss: jbossas writable config files allow privilege escalation

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...