12 matches found
GHSA-64CJ-QVX5-M4F3 Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets
Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...
PT-2026-46881
Name of the Vulnerable Software and Affected Versions Nhost CLI affected versions not specified Description The hidden configserver used by nhost dev exposes the Mimir GraphQL API with permissive CORS and dummy authorization directives. This allows any process capable of reaching the developer's...
PT-2026-46848
Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439043...
EUVD-2011-4938
Malware in sbrugna...
Configserver: Passwords from application blueprint stored plaintext in configserver.log
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...
CVE-2011-5033
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall CSF before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service crash via a long string in an admin.list file...
Stack overflow
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall CSF before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service crash via a long string in an admin.list file...
CVE-2011-5033
ConfigServer Security & Firewall (CSF) contains a stack-based buffer overflow in CFS.c affecting CSF before 5.43 when run on a DirectAdmin server. Local users can crash the service by supplying a long string in the admin.list file, per CVE-2011-5033. The vulnerability details are supported by mul...
CSF Firewall Buffer Overflow
Exploit for linux platform in category dos / poc Exploit Title: CSF Firewall Buffer overflow p0c DownLoaD : http://www.configserver.com/free/csf.tgz Date: 2011-12-09 Author: FoX HaCkEr site : www.sec4ever.com MaiL : email protected Tested on: CentOS3/4...
CSF Firewall - Buffer Overflow (PoC)
CSF Firewall - Buffer Overflow PoC / Exploit Title: CSF Firewall Buffer overflow p0c DownLoaD : http://www.configserver.com/free/csf.tgz Date: 2011-12-09 Author: FoX HaCkEr site : www.sec4ever.com MaiL : [email protected] Tested on: CentOS3/4...