17 matches found
EUVD-2021-34839
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without...
PT-2026-26611
CVE-2024-44722 SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. https://t.co/m0vhXKM2HE...
EUVD-2002-1217
Malware in sbrugna...
GHSA-8F93-J3FX-72F3 CRI-O has Potential High Memory Consumption from File Read
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...
CVE-2022-25571
Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors...
CVE-2021-37187
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file with reversible passwords from the device, which allows decoding of other users' passwords...
CVE-1999-0146
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file...
PT-2024-21789 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.1.x through 3.1.9 and earlier a-blog cms versions 3.0.x through 3.0.30 and earlier a-blog cms versions 2.11.x through 2.11.59 and earlier a-blog cms versions 2.10.x through 2.10.51 and earlier a-blog cms version 2.9 and...
PT-2023-30514 · Relyum · Rely-Pcie
Name of the Vulnerable Software and Affected Versions: Relyum RELY-PCIe version 22.2.1 Description: The issue is related to a system group misconfiguration in Relyum RELY-PCIe devices, which allows read access to the central password hash file of the operating system. Recommendations: For Relyum...
CVE-2022-25571
Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors...
QSAN Storage Manager 授权问题漏洞
QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An authorization issue vulnerability exists in QSAN Storage Manager prior to version 3.3.1 build 202101041800, which stems from the product misassigning permissions on critical resource management and can...
AjaXplorer contains multiple vulnerabilities
Overview AjaXplorer 4.0.3 and earlier versions contain a directory traversal vulnerability and a weak cookie authentication scheme. Description AjaXplorer contains a directory traversal vulnerability in the "Get Template" feature. The URL variables templatename and pluginName can be used to explo...
Debian DSA-188-1 : apache-ssl - several vulnerabilities
According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well. These vulnerabilities cou...
NetInfo Arbitrary Remote File Access
Using NetInfo, it is possible to obtain the password file of the remote host by querying it directly. An attacker may use it to set up a brute-force attack to crack the passwords contained in the file, and then use the gained passwords to login into the remote host, either remotely or locally. C...
DSA-195 apache-perl - several vulnerabilities
Bulletin has no description...
CVE-2002-1233
A regression error in the Debian distributions of the apache-ssl package before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0, for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs 1...
PT-1999-1179 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns inappropriate permissions for system-critical data in an anonymous FTP account. This includes the root directory being writeable by anyone, the ability to obtain ...