
566 matches found

Positive Technologies
added 2024/10/03 12:0 a.m. · 3 views

PT-2024-38610 · Webroot · Webroot Secureanywhere - Web Shield

Name of the Vulnerable Software and Affected Versions: Webroot SecureAnywhere - Web Shield versions prior to 2.1.2.3
Description: The issue is related to a 'Type Confusion' vulnerability in the wrUrl.Dll modules of Webroot SecureAnywhere - Web Shield, allowing functionality misuse. This...

CVSS 9.8 · AI score 7.2 · EPSS 0.0035
Exploits: 0 · References: 6

CNNVD
added 2024/10/03 12:0 a.m. · 1 views

Webroot Secure Anywhere Security Vulnerability

Webroot Secure Anywhere is a comprehensive antivirus program from Webroot USA. A security vulnerability exists in Webroot Secure Anywhere versions prior to 2.1.2.3, which stems from improper checking of anomalies or exceptions that could lead to feature abuse...

CVSS 9.8 · AI score 6.6 · EPSS 0.00299
Exploits: 0 · References: 3

Vulnrichment
added 2024/09/23 12:0 a.m. · 6 views

CVE-2024-39341

Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...

AI score 6.5 · EPSS 0.00129
Exploits: 0 · References: 3

Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-28459 · Entrust · Entrust Instant Financial Issuance

Name of the Vulnerable Software and Affected Versions: Entrust Instant Financial Issuance On Premise Software versions 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier
Description: The issue concerns a configuration file, specifically WebAPI.cfg.xml, which is left behind after the installation...

CVSS 5.9 · AI score 7 · EPSS 0.00129
Exploits: 0 · References: 8

Cvelist
added 2024/09/23 12:0 a.m. · 6 views

CVE-2024-39341

Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...

EPSS 0.00129
Exploits: 0 · References: 3

CVE
added 2024/09/23 12:0 a.m. · 44 views

CVE-2024-39341

CVE-2024-39341 affects Entrust Instant Financial Issuance (On Premise) software (6.10.0, 6.9.x, 6.8.x and earlier). A configuration file WebAPI.cfg.xml is left behind after installation and can be accessed without authentication via HTTP port 80, exposing system configuration parameter names and ...

CVSS 5.9 · AI score 7 · EPSS 0.00129
Exploits: 0 · References: 3

Packet Storm
added 2024/08/31 12:0 a.m. · 253 views

ContentKeeper Web Appliance Mimencode File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ContentKeeper Web Appliance mimencode File Access', 'Description' = %q This module abuses the 'mimencode' binary present within ContentKeeper Web...

AI score 7.4
Exploits: 0

Github Security Blog
added 2024/05/31 9:30 p.m. · 18 views

Moodle Authenticated LFI risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

CVSS 5.9 · AI score 6.4 · EPSS 0.00177
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2024/05/31 9:30 p.m. · 15 views

GHSA-JG4F-8W9X-JV35 Moodle Authenticated LFI risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

CVSS 5.9 · AI score 5.9 · EPSS 0.00177
Exploits: 0 · References: 4

OSV
added 2024/05/31 9:30 p.m. · 11 views

GHSA-Q3CM-CCRM-2MR6 Moodle Authenticated LFI risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

CVSS 6.5 · AI score 8.8 · EPSS 0.00307
Exploits: 0 · References: 3

OSV
added 2024/05/31 9:15 p.m. · 0 views

UBUNTU-CVE-2024-34005

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

CVSS 6.5 · AI score 5.8 · EPSS 0.00445
Exploits: 0 · References: 3

OSV
added 2024/05/31 9:15 p.m. · 1 views

UBUNTU-CVE-2024-34003

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

CVSS 5.9 · AI score 5.8 · EPSS 0.00177
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/31 8:23 p.m. · 17 views

CVE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

AI score 6.8 · EPSS 0.00307
Exploits: 0 · References: 1

Cvelist
added 2024/05/06 12:0 a.m. · 17 views

CVE-2024-34470

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read...

AI score 7.6 · EPSS 0.92783
Exploits: 5 · References: 1

CVE
added 2024/05/06 12:0 a.m. · 100 views

CVE-2024-34470

CVE-2024-34470 affects HSC Mailinspector versions 5.2.17-3 through 5.2.18. It is an unauthenticated Local/File Inclusion in /public/loader.php where the path parameter can traverse outside the webroot due to insufficient validation, enabling read access to arbitrary server files (confidentiality ...

CVSS 8.6 · AI score 6.7 · EPSS 0.92783
Exploits: 5 · References: 1 · Affected Software: 1

GithubExploit
added 2024/05/05 12:31 a.m. · 70 views

Exploit for Path Traversal in Hsclabs Mailinspector

CVE-2024-34470 Description: An Unauthenticated user can a...

CVSS 8.6 · AI score 9.4 · EPSS 0.92783
Exploits: 5

NVD
added 2024/05/03 3:15 a.m. · 13 views

CVE-2023-39467

Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability...

CVSS 5.3 · AI score 4.9 · EPSS 0.00079
Exploits: 0 · References: 2

Cvelist
added 2024/05/03 1:59 a.m. · 16 views

CVE-2023-39467 Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability

Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability...

CVSS 5.3 · AI score 5.2 · EPSS 0.00079
Exploits: 0 · References: 2

CVE
added 2024/05/03 1:59 a.m. · 49 views

CVE-2023-39467

Triangle MicroWorks SCADA Data Gateway is affected by an information-disclosure vulnerability related to the certificate web directory configuration. The flaw allows remote attackers to obtain sensitive data without authentication, via exposure of sensitive information in the application webroot....

CVSS 5.3 · AI score 4.9 · EPSS 0.00079
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2024/05/01 5:15 p.m. · 5 views

CVE-2023-7241

Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on Windows64 bit and 32 bit allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files...

CVSS 7.9 · AI score 7.8 · EPSS 0.00047
Exploits: 0 · References: 3