28 matches found

RedhatCVE
added 2026/06/07 12:43 a.m. · 11 views

CVE-2026-11423

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

CVSS 9.4 · AI score 5.6 · EPSS 0.00321
Exploits 0 · References 1

CVE
added 2026/06/05 8:12 p.m. · 22 views

CVE-2026-11423

The CVE affects Altium Enterprise Server Collaboration Service. The vulnerability is a path traversal in the MCAD and Simulation file download flows caused by improper handling of user-supplied filenames, allowing an authenticated user to craft a filename in a collaboration message that is later ...

CVSS 9.4 · AI score 5.6 · EPSS 0.00321
Exploits 0 · References 1

RedhatCVE
added 2026/06/05 7:19 p.m. · 7 views

CVE-2026-9129

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

CVSS 9.4 · AI score 5.6 · EPSS 0.00239
Exploits 0 · References 1

Cvelist
added 2026/05/20 6:5 p.m. · 27 views

CVE-2026-9129 Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

CVSS 9.4 · EPSS 0.00239
Exploits 0 · References 1

Positive Technologies
added 2026/05/20 12:0 a.m. · 8 views

PT-2026-42246

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

CVSS 9.4 · AI score 5.9 · EPSS 0.00239
Exploits 0 · References 2

NVD
added 2024/03/18 9:15 p.m. · 15 views

CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9 · AI score 7.8 · EPSS 0.17868
Exploits 0 · References 2

OSV
added 2024/03/18 9:15 p.m. · 4 views

DEBIAN-CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 6.6 · AI score 7.7 · EPSS 0.17868
Exploits 0 · References 1

Vulnrichment
added 2024/03/18 9:7 p.m. · 14 views

CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9 · AI score 6.9 · EPSS 0.17868
Exploits 0 · References 2

Cvelist
added 2024/03/18 9:7 p.m. · 25 views

CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9 · AI score 7.9 · EPSS 0.17868
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 4:46 a.m. · 3 views

SUSE CVE-2017-8109

The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions clients...

CVSS 7.8 · AI score 6.8 · EPSS 0.00431
Exploits 0 · References 8

SUSE CVE
added 2023/02/15 4:8 a.m. · 1 view

SUSE CVE-2019-16543

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 5.5 · AI score 5.5 · EPSS 0.00323
Exploits 0 · References 3

BDU FSTEC
added 2021/04/08 12:0 a.m. · 4 views

The vulnerability of the Master Configuration Wizard component of Kaspersky’s antivirus protection tools—Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud—allows a perpetrator to delete any file in the system.

The vulnerability of the Master Configuration Wizard component of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud antivirus products is related to errors in processing symbolic links. Exploiting this...

CVSS 7.9 · AI score 5.5
Exploits 0 · References 1 · Affected Software 5

Positive Technologies
added 2020/07/02 12:0 a.m. · 23 views

PT-2020-15427 · Jenkins · Jenkins Github Coverage Reporter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Coverage Reporter Plugin versions 1.8 and earlier Jenkins GitHub Coverage Reporter Plugin versions 1.10 and earlier Description: The issue concerns the storage of secrets in plain text in the global configuration file on the...

CVSS 4.3 · AI score 4.3 · EPSS 0.00691
Exploits 0 · References 7

Positive Technologies
added 2020/07/02 12:0 a.m. · 3 views

PT-2020-15434 · Jenkins · Jenkins Hp Alm Quality Center Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins HP ALM Quality Center Plugin versions 1.6 and earlier Description: The issue concerns the storage of a password in plain text in the global configuration file, specifically in...

CVSS 3.3 · AI score 3.6 · EPSS 0.00306
Exploits 0 · References 7

CNVD
added 2020/03/09 12:0 a.m. · 2 views

Unspecified Vulnerability in CloudBees Jenkins Eagle Tester Plugin

CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. A security vulnerability exis...

CVSS 6.5 · AI score 6.8 · EPSS 0.00852
Exploits 0 · References 1

Positive Technologies
added 2020/02/12 12:0 a.m. · 5 views

PT-2020-15338 · Jenkins · Jenkins Eagle Tester Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Eagle Tester Plugin versions 1.0.9 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global configuration file on the Jenkins master. This allows users with access to the master file...

CVSS 6.5 · AI score 6.3 · EPSS 0.00852
Exploits 0 · References 6

Positive Technologies
added 2020/02/12 12:0 a.m. · 10 views

PT-2020-15336 · Jenkins · Jenkins Bmc Release Package/Deployment Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins BMC Release Package and Deployment Plugin versions 1.1 and earlier Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins master. This can be viewed by users with access to t...

CVSS 4.3 · AI score 4.3 · EPSS 0.00691
Exploits 0 · References 7

Positive Technologies
added 2019/10/16 12:0 a.m. · 5 views

PT-2019-11847 · Jenkins · Jenkins Delphix Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Delphix Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. This allows users with access to the master...

CVSS 7.8 · AI score 7.4 · EPSS 0.0027
Exploits 0 · References 6

Positive Technologies
added 2019/09/25 12:0 a.m. · 5 views

PT-2019-11823 · Jenkins · Jenkins Gitlab Logo Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Logo Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. This allows users with access to the...

CVSS 5.5 · AI score 5 · EPSS 0.00324
Exploits 0 · References 6

OSV
added 2019/04/04 4:29 p.m. · 1 view

CVE-2019-10298

Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 8.8 · AI score 6.4 · EPSS 0.01773
Exploits 0 · References 3