EUVD-2007-4914

Malware in sbrugna...

CVE-2025-40741

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process...

CVE-2020-10565

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command read or write by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhy...

CVE-2017-5260

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference DRO at...

CVE-2017-6531

On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgwv1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile...

AlienVault Unified Security Management Remote Code Execution Vulnerability

AlienVault Unified Security Management is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. A remote code execution vulnerability exists in the AlienVault Framework backend process of AlienVault USM that allow...

CVE-2014-8390

Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a 1 CFG or 2 DAT file...

Buffer overflow

Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a 1 CFG or 2 DAT file...

Design/Logic Flaw

Untrusted search path vulnerability in SmartSniff 1.71 allows local users to gain privileges via a Trojan horse wpcap.dll file in the current working directory, as demonstrated by a directory that contains a .cfg or .ssp file. NOTE: some of these details are obtained from third party information...

Kaspersky IS&AV 2012 - Memory Corruption Vulnerability

Document Title: =============== Kaspersky IS&AV 2012 - Memory Corruption Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=129 http://www.vulnerability-lab.com/getcontent.php?id=19 Release Date: ============= 2011-12-18 Vulnerability Laborato...

Crimson Editor 3.70 SEH Overwrite

!/usr/bin/python Exploit Title : Crimson Editor r3.70 SEH Overwrite Vulnerability PoC exploit Date : 21/03/2010 Author : mrme Bug found by : sharpe Version : 3.70 Release Tested on : XP SP3 En Reference : http://www.exploit-db.com/exploits/11803 Greetz to : Corelan Security Team & sharpe...

Crimson Editor r3.70 SEH Overwrite Vulnerability PoC exploit

Exploit for windows platform in category local exploits ============================================================ Crimson Editor r3.70 SEH Overwrite Vulnerability PoC exploit ============================================================ !/usr/bin/python Exploit Title : Crimson Editor r3.70 SEH...

CVE-2008-5868

CVE-2008-5868 describes a stack-based buffer overflow in IntelliTamper versions 2.07 and 2.08. The overflow can be triggered by a long ProxyLogin value in a configuration (.cfg) file, potentially allowing user-assisted attackers to execute arbitrary code. The description enumerates the vulnerable...

Default configuration

The web server for D-Link Wireless Access-Point DWL-2100ap firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords...