37 matches found
CVE-2022-4983 TEC-IT TBarCode SDK 11.15 Remote File Create
TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling (INI-file based) that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow...
EUVD-2020-13687
Malware in sbrugna...
EUVD-2004-2118
Malware in sbrugna...
CVE-2020-20907
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...
CVE-2017-8225
On Wireless IP Camera P2P WIFICAM devices, access to .ini files containing credentials is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI...
CVE-2002-2162
Cerulean Studios Trillian 0.73 and earlier use weak encryption (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts...
The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero. Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...
[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40
The Commons Configuration software library provides a generic configuration interface which enables a Java application to read configuration data from a variety of sources. Commons Configuration provides typed access to single, and multi-valued configuration parameters as demonstrated by the...
Prototype Pollution
js-ini is vulnerable to prototype pollution. The vulnerability exists in the `parse` function in index.ts and parse.ts due to a lack of validation, which allows an attacker to send malicious INI files to the application and pollute the prototype...
js-ini Prototype Pollution when malicious INI files submitted to an application that parses it with `parse`
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with `parse`, they will pollute the prototype on the application. This can be exploited further depending on the context...
GHSA-M939-VRFP-9V8P js-ini Prototype Pollution when malicious INI files submitted to an application that parses it with `parse`
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with `parse`, they will pollute the prototype on the application. This can be exploited further depending on the context...
PT-2022-8904 · Unknown · Ion-Parser
Name of the Vulnerable Software and Affected Versions: ion-parser versions all. Description: The issue affects the ion-parser package, where an attacker can submit a malicious INI file to an application that uses the parse function, leading to prototype pollution on the application. This can be...
Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF
Due to missing checks the plugin is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. PoC...
Design/Logic Flaw
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...
[SECURITY] Fedora 33 Update: python-py-1.10.0-1.fc33
The py lib is a Python development support library featuring the following tools and modules: py.path: uniform local and svn path objects; py.apipkg: explicit API control and lazy-importing; py.iniconfig: easy parsing of .ini files; py.code: dynamic code generation and introspection; py.path: uniform...
[SECURITY] Fedora 32 Update: python-py-1.10.0-1.fc32
The py lib is a Python development support library featuring the following tools and modules: py.path: uniform local and svn path objects; py.apipkg: explicit API control and lazy-importing; py.iniconfig: easy parsing of .ini files; py.code: dynamic code generation and introspection; py.path: uniform...
Prototype Pollution in steveukx/properties
Description: properties-reader is vulnerable to Prototype Pollution. Proof of Concept: 1. Create the following PoC and INI files: // poc.js var propertiesReader = require('properties-reader'); console.log("Before : " + {}.polluted); console.log("Before : " + {}.polluted1); var properties =...
Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy
Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers (although probably also useful for sysadmins) which sifts through the (usually very noisy) XML output from the Get-GPOReport cmdlet (part of Microsoft's Group Policy module) and identifies all the settings defined in...