28 matches found
CVE-2026-56021
Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...
CVE-2026-11497
CVE-2026-11497 affects the D-Link DCS-5615 (firmware 1.01.00). The vulnerability targets an unknown functionality in the Boa Webserver component, specifically the file /etc/conf.d/boa/boa.conf, and can lead to a least privilege violation . The attack is described as remote and the exploit has bee...
PT-2026-44076
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTP PORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minute...
CVE-2026-45371
CVE-2026-45371 (SiYuan) : Before v3.7.0, publish-mode Reader can mutate server state via 8 ungated APIs: POST /api/graph/getGraph, /getLocalGraph, /api/sync/setSyncInterval, /api/storage/updateRecentDocViewTime, /api/storage/updateRecentDocCloseTime, /api/storage/updateRecentDocOpenTime, /api/sto...
CVE-2026-20164
CVE-2026-20164 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user not in admin/power roles can access the REST endpoint /splunkd/__raw/servicesNS/-/-/configs/conf-passwords, exposing hashed or plaintext passwords from passwords.conf due to improper access control. Impact i...
CVE-2026-20142
Splunk Enterprise is affected in versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11. A user with access to the Splunk _internal index in a Search Head Cluster could read the RSA accessKey from Authentication.conf in plaintext, exposing highly sensitive credentials and impacting confidentiali...
CVE-2026-23741 ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/astcoredumper runs as root, as noted by the NOTES tag on line 689 of the astcoredumper file. The script will source the conten...
MiracleLinux 8 : trousers-0.3.15-1.el8 (AXSA:2021-1817:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1817:01 advisory. trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root CVE-2020-24331 trousers: tss user can be us...
RLSA-2026:0596 Moderate: cups security update
The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: CUPS: Local denial-of-service via cupsd.conf update and related issues CVE-2025-61915 cups: Slow client communication leads to a possible DoS attack CVE-2025-584...
CVE-2024-51366
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...
CVE-2024-51366
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...
CVE-2024-51366
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file...
PT-2024-34610 · Omegat · Omegat
Name of the Vulnerable Software and Affected Versions: OmegaT version 6.0.1 Description: The issue allows attackers to execute arbitrary code via uploading a crafted .conf file, exploiting an arbitrary file upload vulnerability in the component RoamingOmega. Recommendations: For OmegaT version...
SUSE CVE-2016-5425
The Tomcat package on Red Hat Enterprise Linux RHEL 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group...
subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...
SUSE CVE-2015-2704
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...
CVE-2022-24677
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...
OPENSUSE-SU-2021:0058-1 Security update for cobbler
This update for cobbler fixes the following issues: - Add cobbler-tests subpackage for unit testing for openSUSE/SLE - Adds LoadModule definitions for openSUSE/SLE - Switch to new refactored auth module. - use systemctl to restart cobblerd on logfile rotation boo1169207 Mainline logrotate conf fi...
ALPINE-CVE-2020-29600
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...
Eldy Awstats Path Traversal Vulnerability
Eldy Awstats is Eldy personal developer of a log analysis tool applied to Web sites. The software supports analyzing Web, WAP, proxy, streaming server, FTP, mail server log files on all operating systems such as IIS 5.0 +, Apache, etc. It displays all Web statistics including: visitors, pages,...