21 matches found
CVE-2026-39394
CI4MS is vulnerable to CRLF injection in .env via an unvalidated host parameter in Install::index(). Before 0.31.4.0, host is read without validation and appended to .env through updateEnvSettings() using preg_replace(), allowing newline characters to inject arbitrary key=value lines (e.g., app.baseURL...
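The mechanism in the CI4MS entry above, shown as an added example in Python rather than the project's PHP: a key = value settings writer that substitutes an unvalidated value with a regex, next to a hardened version with a host allowlist and a line-break check. The .env content, the attacker's host string and the function names are constructed for illustration and are not CI4MS code.

```python
import re

# Constructed .env content in the key = value style CodeIgniter 4 uses;
# sample data only, not taken from any real installation.
SAMPLE_ENV = (
    "CI_ENVIRONMENT = production\n"
    "app.baseURL = http://localhost/\n"
    "database.default.hostname = localhost\n"
)

# Hypothetical attacker-supplied host: a plausible host followed by CRLF
# and a second key = value line of the attacker's choosing.
INJECTED_HOST = "db.example.test\r\napp.baseURL = http://attacker.example/"


def update_env_naive(env_text: str, key: str, value: str) -> str:
    """Vulnerable variant: rewrites the `key = ...` line with a regex
    substitution and never inspects `value`, so CR/LF inside it becomes
    extra lines in the file."""
    line_re = re.compile(r"^" + re.escape(key) + r"[ \t]*=.*$", re.MULTILINE)
    new_line = f"{key} = {value}"
    if line_re.search(env_text):
        # a callable replacement keeps backslashes in `value` literal
        return line_re.sub(lambda _m: new_line, env_text, count=1)
    return env_text + new_line + "\n"


HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::[0-9]{1,5})?$")


def validate_host(value: str) -> str:
    """Allowlist check for hostname or host:port; anything else, including
    control characters, is rejected before it reaches the writer."""
    if not HOST_RE.fullmatch(value):
        raise ValueError(f"invalid host value: {value!r}")
    return value


def update_env_safe(env_text: str, key: str, value: str) -> str:
    """Hardened variant: refuses any value containing a line break, as
    defence in depth in case a caller skipped validate_host."""
    if "\n" in value or "\r" in value:
        raise ValueError("line breaks are not allowed in .env values")
    return update_env_naive(env_text, key, value)


def parse_env(env_text: str) -> dict:
    """Minimal .env reader that keeps every occurrence of a key, so a
    duplicated key (the injection's footprint) is visible whichever
    occurrence a real loader would honour."""
    values = {}
    for raw in env_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        k, _, v = line.partition("=")
        values.setdefault(k.strip(), []).append(v.strip())
    return values


def demo_injection() -> dict:
    """Parsed file after the vulnerable writer processed the attacker's host."""
    return parse_env(update_env_naive(SAMPLE_ENV, "database.default.hostname", INJECTED_HOST))


def demo_blocked() -> bool:
    """True when both the validator and the hardened writer reject the payload."""
    rejected = 0
    for fn in (lambda: validate_host(INJECTED_HOST),
               lambda: update_env_safe(SAMPLE_ENV, "database.default.hostname", INJECTED_HOST)):
        try:
            fn()
        except ValueError:
            rejected += 1
    return rejected == 2


if __name__ == "__main__":
    print(demo_injection())
    print("blocked:", demo_blocked())
```

The parser deliberately reports both app.baseURL values; whether the first or the last occurrence wins is loader-specific, but in either case the attacker now owns a line of the file, which is why the fix belongs at the write path and not in the reader.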
pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
Summary The setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run in the thread manager's reconnect logic. A SETTINGS...
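The authorization gap in the pyLoad entry above, shown as an added example (not pyLoad code): a config setter that only checks for a blanket SETTINGS right, beside one that requires ADMIN for options whose value becomes a command line. The permission flags, the store, the option list other than reconnect.script and the script paths are constructed for illustration.

```python
from enum import Flag, auto
from typing import Optional, Tuple, List


class Perm(Flag):
    """Constructed permission bits; SETTINGS is the non-admin
    'may edit configuration' right the advisory describes."""
    SETTINGS = auto()
    ADMIN = auto()


class PermissionDenied(Exception):
    pass


# Options whose value ends up as a command line, path or URL that the
# server acts on. Hypothetical list; only reconnect.script comes from the
# advisory.
EXEC_SENSITIVE = frozenset({"reconnect.script"})


class ConfigStore:
    def __init__(self, initial: dict):
        self._values = dict(initial)

    def get(self, key: str) -> str:
        return self._values[key]

    def set_unrestricted(self, perms: Perm, key: str, value: str) -> None:
        """Vulnerable shape: any SETTINGS holder may write any key."""
        if not perms & (Perm.SETTINGS | Perm.ADMIN):
            raise PermissionDenied(key)
        self._values[key] = value

    def set_restricted(self, perms: Perm, key: str, value: str) -> None:
        """Hardened shape: keys that reach subprocess or the filesystem
        require ADMIN; plain SETTINGS may edit everything else."""
        if Perm.ADMIN in perms:
            self._values[key] = value
            return
        if Perm.SETTINGS in perms and key not in EXEC_SENSITIVE:
            self._values[key] = value
            return
        raise PermissionDenied(key)


def reconnect_command(store: ConfigStore) -> List[str]:
    """What the reconnect thread would hand to subprocess.run: the configured
    script path as argv[0]. Returned rather than executed so it can be
    inspected."""
    return [store.get("reconnect.script")]


def scenario(restricted: bool) -> Tuple[Optional[str], List[str]]:
    """A SETTINGS-only user tries to point reconnect.script at a path they
    control; returns (denied key or None, resulting reconnect argv)."""
    store = ConfigStore({"reconnect.script": "/opt/app/reconnect.sh",
                         "reconnect.method": "script"})
    setter = store.set_restricted if restricted else store.set_unrestricted
    attacker_value = "/tmp/constructed-attacker-script.sh"  # constructed path
    error = None
    try:
        setter(Perm.SETTINGS, "reconnect.script", attacker_value)
    except PermissionDenied as exc:
        error = str(exc)
    return error, reconnect_command(store)


if __name__ == "__main__":
    print("unrestricted:", scenario(restricted=False))
    print("restricted:  ", scenario(restricted=True))
```

The point of the per-key list is that "can change settings" and "can choose what the server executes" are different privileges; a single permission bit that grants the first silently grants the second.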
Exploit for Path Traversal in Tp-Link Tapo_C260_Firmware
Tapo C260 RCE Chain CVE-2026-0651 / CVE-2026-0652 / CVE-2026-...
CVE-2024-52792
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
UBUNTU-CVE-2024-52792
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
CVE-2024-52792 Arbitrary config values override in lam
LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...
PT-2023-29639 · Frigate · Frigate
Name of the Vulnerable Software and Affected Versions: Frigate versions prior to 0.13.0 Beta 3 Description: Frigate is an open source network video recorder. The config/save and config/set endpoints of Frigate do not implement any CSRF protection, making it possible for a request sourced from...
AZL-39958 CVE-2023-5752 affecting package python3 for versions less than 3.12.3-1
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which...
CVE-2023-5752
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which...
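The argument-injection pattern behind both CVE-2023-5752 entries above, as an added example that is not pip's code: a revision string taken from a VCS URL is appended to an hg command line as a bare token, so a value starting with "--" is parsed as an option, versus a version that validates the revision and binds it with --rev=. The revision strings, the command layout (an hg subcommand with -q, the exact subcommand is immaterial to the parsing problem) and the validation rule are constructed for illustration. The classifier models a getopt-style parser; it does not run hg.

```python
import re
from typing import List, Tuple

# Constructed revision of the kind an attacker could place after '@' in a
# VCS URL: an option string rather than a changeset identifier.
MALICIOUS_REV = "--config=section.key=attacker-controlled"
BENIGN_REV = "a1b2c3d4"  # constructed changeset prefix


def hg_argv_naive(rev: str) -> List[str]:
    """Vulnerable shape: the revision becomes its own positional token, so a
    getopt-style parser treats a value beginning with '-' as a flag."""
    return ["hg", "update", "-q", rev]


# Constructed rule: a revision must begin with an alphanumeric character.
REV_RE = re.compile(r"^[0-9A-Za-z][0-9A-Za-z._/+-]*$")


def validate_rev(rev: str) -> str:
    """Reject anything that could be read as an option (not pip's own check)."""
    if not REV_RE.fullmatch(rev):
        raise ValueError(f"refusing suspicious revision {rev!r}")
    return rev


def hg_argv_safe(rev: str) -> List[str]:
    """Hardened shape: validated revision bound to --rev=... so even a value
    containing '-' cannot become a separate option token."""
    return ["hg", "update", "-q", f"--rev={validate_rev(rev)}"]


def split_options(argv: List[str]) -> Tuple[List[str], List[str]]:
    """Classify tokens after the subcommand the way a getopt-style parser
    would: tokens starting with '-' are options until a bare '--', the rest
    are positionals."""
    opts, pos = [], []
    only_positional = False
    for tok in argv[2:]:
        if only_positional:
            pos.append(tok)
        elif tok == "--":
            only_positional = True
        elif tok.startswith("-"):
            opts.append(tok)
        else:
            pos.append(tok)
    return opts, pos


def is_rejected(rev: str) -> bool:
    """True when the hardened builder refuses the revision."""
    try:
        hg_argv_safe(rev)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("naive   :", split_options(hg_argv_naive(MALICIOUS_REV)))
    print("safe    :", hg_argv_safe(BENIGN_REV))
    print("rejected:", is_rejected(MALICIOUS_REV))
```

Binding the value with --rev= is the part that matters even after validation: once the user-controlled string is glued to a known option name, the parser has no way to promote it to a different option such as --config.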
GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`
...
CVE-2021-27406
An attacker can leverage PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine, forcing the back-end server into initializing a new OpenVPN instance with arbitrary OpenVPN configuration. This could result in t...
WAVLINK WiFi-Repeater security vulnerability
WAVLINK WiFi-Repeater is a WiFi range extender from China RuiYin Technology (WAVLINK). A security vulnerability exists in WAVLINK WiFi-Repeater version RPTA2-77W.M4300.01.GD.2017Sep19. An attacker can exploit the vulnerability to arbitrarily configure device settings by accessing mbwifibasic.shtm...
VulnCheck KEV: CVE-2020-5410
Spring Cloud Config, by VMware Tanzu, contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...
GravCMS 1.10.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' => %q This module exploits an arbitrary config write/update vulnerability to achieve remote code...
PT-2021-6006 · Perfact · Openvpn-Client
Name of the Vulnerable Software and Affected Versions: PerFact OpenVPN-Client versions 1.4.1.0 and prior Description: The issue allows an attacker to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instan...
Xymon Daemon Gather Information
This module retrieves information from a Xymon daemon service (formerly Hobbit, based on Big Brother), including server configuration information, a list of monitored hosts, and the associated client log for each host. This module also retrieves usernames and password hashes from the xymonpasswd config...
Site Builder RumahWeb File Disclosure
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability...