20 matches found
CVE-2025-60858
CVE-2025-60858 affects Reolink Video Doorbell Wi‑Fi DB_566128M5MP_W. The vulnerability arises from storing and transmitting DDNS credentials in plaintext within the device’s configuration and update scripts, enabling potential interception or extraction of sensitive information. Across connected ...
EUVD-2008-0850
Malware in sbrugna...
CVE-2014-0468
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories SVN, Git, Bzr.... This issue affects fusionforge: before 5.3+20140506...
Distro Linux Workbooth Access Control Error Vulnerability
Distro Linux Workbooth is an open source application for Distro Linux. An access control error vulnerability exists in Distro Linux Workbooth version v2.5, which originates from allowing privileges to be elevated to the root user via manipulation of network configuration scripts...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
Default configuration
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
Ovarro TBox RTUs
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ovarro Equipment: TBox RTUs Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy,...
M-Files Server Cross-Site Scripting Vulnerability
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in versions of M-Files Server prior to 22.2.11051.0, which stems from an administrative tool that allows the use of scripts to store configuration data that can then be run by other library...
Dhclient Bash Environment Variable Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...
DHCP Client Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...
geeeekShop 1.4 Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8380/info geeeekShop is prone to multiple information disclosure vulnerabilities. Passing invalid data as URI parameters to geeeekShop scripts, will cause an error message to be displayed, which contains installation path...
PHP 5.5.x < 5.5.14 Multiple Vulnerabilities
According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.14. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format CDF handling and the functions...
CVE-2013-5030
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt...
Design/Logic Flaw
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp...
CVE-2008-0843
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp...
CVE-2008-0843
StatCounteX 3.0 and 3.1 are affected by a vulnerability that allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. The available sources corroborate the product/version and the existence of the flaw but do not provide detailed ro...
geeeekShop 1.4 - Information Disclosure
geeeekShop 1.4 - Information Disclosure source: https://www.securityfocus.com/bid/8380/info geeeekShop is prone to multiple information disclosure vulnerabilities. Passing invalid data as URI parameters to geeeekShop scripts, will cause an error message to be displayed, which contains installatio...
CVE-2000-1057
Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager NNM 6.1 and earlier allow local users to gain privileges, possibly via insecure permissions...
majordomo.txt
Hi, Majordomo is a perl script for managing mailing lists. The package comes with several scripts and a program written in C wrapper that runs setuid to ensure that majordomo performs all the work with proper permissions for further information you can check the FAQ that comes with the package...