193 matches found
CVE-2018-20952
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...
Code injection
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...
CVE-2018-20952
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor SEC-388...
CVE-2018-20952
CVE-2018-20952 affects cPanel prior to 68.0.27. The issue involves world-readable files created during use of the WHM Apache Includes Editor (SEC-388). The public description confirms the vulnerable state; no exploitation details are provided in the supplied documents. Remediation appears to be u...
DuckDuckGo: XXE on https://duckduckgo.com
An XML External Entity XXE injection vulnerability was discovered in the x.js endpoint on https://duckduckgo.com via u parameter. This was due to improper sanitation of external XML entities. The results was a leak of certain world readable files on the system. This issue was patched. Additionall...
Dell EMC ESRS Virtual Edition Incorrect File Permissions Vulnerability
Dell EMC ESRS is a secure storage product from DEll. An incorrect file permission vulnerability exists in Dell EMC ESRS Virtual Edition, an application that contains multiple configuration files with world-readable permissions, allowing an authenticated, malicious user to exploit the contents of...
Security Bulletin: IBM Security Access Manager for Web is affected by a vulnerability in the WebSEAL HTTPTransformation request processing (CVE-2015-4963)
Summary IBM Security Access Manager for Web is affected by a vulnerability in the processing of HTTPTransformation requests in WebSEAL. This vulnerability could allow a remote attacker to gain access to readable/writable files on the system. Vulnerability Details CVEID: CVE-2015-4963 DESCRIPTION:...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
EAP-7: Wrong privileges on multiple property files
It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...
Unauthorized Access
Apache Hadoop Mapreduce is vulnerable to unauthorized access. If a file with world-readable access permissions is localized through YARN's localization mechanism, the file will be stored in a world-readable location that can then be accessed by a malicious user...
CVE-2017-3742
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to t...
Amazon Linux AMI : cloud-init (ALAS-2016-763)
It was discovered that cloud-init in the Amazon Linux AMI wrote IAM role credentials from the instance metadata service to files readable by the root user in /var/lib/cloud. An application with root privileges, a container with access to the relevant files, or a root user of an AMI derived from a...
Candlepin 'subscription-manager' Insecure File Permissions Vulnerability
Candlepin is a collection of subscription tools that allow companies to manage their software. An insecure file permission vulnerability exists in Candlepin 'subscription-manager'. A local attacker could gain access to world-readable files and extract sensitive information from them...
Cisco Firepower Management Center Console Local File Inclusion Vulnerability
A vulnerability in the web console of Cisco Firepower Management Center could allow an authenticated, remote attacker to access sensitive information. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respecti...
DLA-601-1 quagga - security update
Bulletin has no description...
QARK - Tool to look for several security related Android application vulnerabilities
Q uick A ndroid R eview K it - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the...
CVE-2014-8733
Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password...
pxz Insecure File Permissions Vulnerability
pxz is a compression tool for linux. An insecure file permission vulnerability exists in pxz, which allows local attackers to exploit the vulnerability to access globally readable files and obtain sensitive information...
CVE-2014-5448
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files...
phpMyAdmin 2.x Export.PHP File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9564/info phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be...