Lucene search
+L

193 matches found

OSV
OSV
added 2019/08/01 5:15 p.m.6 views

CVE-2018-20952

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...

6.5CVSS5.8AI score0.00875EPSS
Exploits0References1
Prion
Prion
added 2019/08/01 5:15 p.m.16 views

Code injection

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...

4CVSS6.5AI score0.00875EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/01 4:19 p.m.20 views

CVE-2018-20952

cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...

6.6AI score0.00875EPSS
Exploits0References1
CVE
CVE
added 2019/08/01 4:19 p.m.61 views

CVE-2018-20952

CVE-2018-20952 affects cPanel prior to 68.0.27. The issue involves world-readable files created during use of the WHM Apache Includes Editor (SEC-388). The public description confirms the vulnerable state; no exploitation details are provided in the supplied documents. Remediation appears to be u...

6.5CVSS6.5AI score0.00875EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2019/01/22 1:21 p.m.67 views

DuckDuckGo: XXE on https://duckduckgo.com

An XML External Entity XXE injection vulnerability was discovered in the x.js endpoint on https://duckduckgo.com via u parameter. This was due to improper sanitation of external XML entities. The results was a leak of certain world readable files on the system. This issue was patched. Additionall...

0.8AI score
Exploits0
CNVD
CNVD
added 2018/10/17 12:0 a.m.6 views

Dell EMC ESRS Virtual Edition Incorrect File Permissions Vulnerability

Dell EMC ESRS is a secure storage product from DEll. An incorrect file permission vulnerability exists in Dell EMC ESRS Virtual Edition, an application that contains multiple configuration files with world-readable permissions, allowing an authenticated, malicious user to exploit the contents of...

7.8CVSS7.4AI score0.00368EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:30 p.m.32 views

Security Bulletin: IBM Security Access Manager for Web is affected by a vulnerability in the WebSEAL HTTPTransformation request processing (CVE-2015-4963)

Summary IBM Security Access Manager for Web is affected by a vulnerability in the processing of HTTPTransformation requests in WebSEAL. This vulnerability could allow a remote attacker to gain access to readable/writable files on the system. Vulnerability Details CVEID: CVE-2015-4963 DESCRIPTION:...

7.5CVSS0.7AI score0.03299EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2017/12/13 5:57 p.m.49 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

9.8CVSS7AI score0.37721EPSS
Exploits7References20
RedHat Linux
RedHat Linux
added 2017/12/13 5:57 p.m.6 views

EAP-7: Wrong privileges on multiple property files

It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

5.5CVSS7.3AI score0.00376EPSS
Exploits0References4
Veracode
Veracode
added 2017/11/14 6:35 a.m.4 views

Unauthorized Access

Apache Hadoop Mapreduce is vulnerable to unauthorized access. If a file with world-readable access permissions is localized through YARN's localization mechanism, the file will be stored in a world-readable location that can then be accessed by a malicious user...

7.8CVSS6.3AI score0.00347EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/07/17 7:29 p.m.6 views

CVE-2017-3742

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to t...

4.8CVSS5.6AI score0.00483EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/11/11 12:0 a.m.18 views

Amazon Linux AMI : cloud-init (ALAS-2016-763)

It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AMI derived from a...

5.5AI score
Exploits0References1
CNVD
CNVD
added 2016/10/31 12:0 a.m.8 views

Candlepin 'subscription-manager' Insecure File Permissions Vulnerability

Candlepin is a collection of subscription tools that allow companies to manage their software. An insecure file permission vulnerability exists in Candlepin 'subscription-manager'. A local attacker could gain access to world-readable files and extract sensitive information from them...

3.3CVSS6.4AI score0.00425EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/10/06 12:0 a.m.27 views

Cisco Firepower Management Center Console Local File Inclusion Vulnerability

A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respecti...

6.5CVSS6.4AI score0.36617EPSS
Exploits5References1
OSV
OSV
added 2016/08/26 12:0 a.m.27 views

DLA-601-1 quagga - security update

Bulletin has no description...

7.5CVSS6.3AI score0.04642EPSS
Exploits0
Kitploit
Kitploit
added 2015/10/05 9:49 p.m.69 views

QARK - Tool to look for several security related Android application vulnerabilities

Q uick A ndroid R eview K it - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the...

7.6AI score
Exploits0References1
Cvelist
Cvelist
added 2015/02/10 7:0 p.m.22 views

CVE-2014-8733

Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password...

6.4AI score0.00318EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/20 12:0 a.m.3 views

pxz Insecure File Permissions Vulnerability

pxz is a compression tool for linux. An insecure file permission vulnerability exists in pxz, which allows local attackers to exploit the vulnerability to access globally readable files and obtain sensitive information...

6.5AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2014/10/20 3:55 p.m.25 views

CVE-2014-5448

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files...

2.1CVSS6.1AI score0.00371EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

phpMyAdmin 2.x Export.PHP File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9564/info phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be...

7.1AI score
Exploits0
Rows per page
Query Builder