4 matches found

ATTACKERKB
added 2026/06/22 12:39 p.m., 3 views

CVE-2026-56447

MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...

CVSS 9.3, AI score 6.4, EPSS 0.00342
Exploits: 0, References: 2
OSV
added 2025/01/07 1:15 p.m., 13 views

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVSS 6.5, AI score 6.5, EPSS 0.00528
Exploits: 0, References: 2
Vulnrichment
added 2025/01/07 12:22 p.m., 6 views

CVE-2024-12426 URL fetching can be used to exfiltrate arbitrary INI file values and environment variables

Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...

CVSS 6.7, AI score 6.7, EPSS 0.00528
Exploits: 0, References: 1
Prion
added 2019/02/18 3:29 p.m., 25 views

Design/Logic Flaw

mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling; Chrome is not exploitable...

CVSS 6.8, AI score 8.3, EPSS 0.71776
Exploits: 8, References: 6, Affected Software: 1