Lucene search
K

17 matches found

EUVD
EUVD
added 2026/05/16 3:28 p.m.9 views

EUVD-2021-34839

ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without...

6.9CVSS5.9AI score0.00776EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26611

CVE-2024-44722 SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. https://t.co/m0vhXKM2HE...

6AI score0.00505EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-1217

Malware in sbrugna...

2.6CVSS6.1AI score0.00564EPSS
Exploits0References12
OSV
OSV
added 2025/08/20 3:31 p.m.2 views

GHSA-8F93-J3FX-72F3 CRI-O has Potential High Memory Consumption from File Read

There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...

5.7CVSS7AI score0.00224EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 1:22 a.m.7 views

CVE-2022-25571

Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors...

7.5CVSS7.3AI score0.00917EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:4 p.m.7 views

CVE-2021-37187

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file with reversible passwords from the device, which allows decoding of other users' passwords...

6.5CVSS7AI score0.00682EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:22 p.m.7 views

CVE-1999-0146

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file...

7.5CVSS8AI score0.14663EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.4 views

PT-2024-21789 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.1.x through 3.1.9 and earlier a-blog cms versions 3.0.x through 3.0.30 and earlier a-blog cms versions 2.11.x through 2.11.59 and earlier a-blog cms versions 2.10.x through 2.10.51 and earlier a-blog cms version 2.9 and...

6.5CVSS6.7AI score0.00832EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.7 views

PT-2023-30514 · Relyum · Rely-Pcie

Name of the Vulnerable Software and Affected Versions: Relyum RELY-PCIe version 22.2.1 Description: The issue is related to a system group misconfiguration in Relyum RELY-PCIe devices, which allows read access to the central password hash file of the operating system. Recommendations: For Relyum...

7.5CVSS7AI score0.00583EPSS
Exploits0References5
NVD
NVD
added 2022/03/24 9:15 p.m.17 views

CVE-2022-25571

Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors...

7.5CVSS0.00917EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.5 views

QSAN Storage Manager 授权问题漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An authorization issue vulnerability exists in QSAN Storage Manager prior to version 3.3.1 build 202101041800, which stems from the product misassigning permissions on critical resource management and can...

6.5CVSS5.9AI score0.00943EPSS
Exploits0References2
CERT
CERT
added 2012/03/08 12:0 a.m.15 views

AjaXplorer contains multiple vulnerabilities

Overview AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme. Description AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables templatename and pluginName can be used to explo...

7.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.30 views

Debian DSA-188-1 : apache-ssl - several vulnerabilities

According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well. These vulnerabilities cou...

7.5CVSS6.2AI score0.94006EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2003/10/19 12:0 a.m.33 views

NetInfo Arbitrary Remote File Access

Using NetInfo, it is possible to obtain the password file of the remote host by querying it directly. An attacker may use it to set up a brute-force attack to crack the passwords contained in the file, and then use the gained passwords to login into the remote host, either remotely or locally. C...

2.1CVSS5.5AI score0.0103EPSS
Exploits1References2
OSV
OSV
added 2002/11/13 12:0 a.m.26 views

DSA-195 apache-perl - several vulnerabilities

Bulletin has no description...

7.5CVSS9.3AI score0.94006EPSS
Exploits0
NVD
NVD
added 2002/11/04 5:0 a.m.26 views

CVE-2002-1233

A regression error in the Debian distributions of the apache-ssl package before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0, for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs 1...

2.6CVSS6AI score0.00564EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 1999/01/01 12:0 a.m.6 views

PT-1999-1179 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns inappropriate permissions for system-critical data in an anonymous FTP account. This includes the root directory being writeable by anyone, the ability to obtain ...

10CVSS6.4AI score0.01957EPSS
Exploits0References2
Rows per page
Query Builder