193 matches found
CVE-2022-39821
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem...
Data Transfer Project 安全漏洞
Google Data Transfer Project is an open source data transfer project of the U.S. company Google Google. It enables people to easily transfer data between online service providers. A security vulnerability exists in data-transfer-project that originates on Unix-like systems where the system...
Incorrect Default Permissions in Cobbler
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...
PYSEC-2022-38
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...
PT-2022-12304 · Cobbler +2 · Cobbler +2
Name of the Vulnerable Software and Affected Versions: Cobbler versions prior to 3.3.1 Description: An issue was discovered where files in /etc/cobbler are world readable, exposing sensitive information to local users with non-privileged access. The users.digest file contains the sha2-512 digest ...
CVE-2021-43413
An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access...
grafana: information disclosure through world-readable grafana configuration files
An information-disclosure flaw was found in Grafana distributed by Red Hat. This flaw allows a local attacker access to potentially sensitive information such as secretkey and a bindpassword from the world-readable files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml...
MGASA-2020-0326 Updated targetcli packages fix security vulnerability
An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
cve-2020-5902 cve-2020-5902 POC exploit bash POC CVE-2020-...
grafana: information disclosure through world-readable grafana configuration files
An information-disclosure flaw was found in Grafana distributed by Red Hat. This flaw allows a local attacker access to potentially sensitive information such as secretkey and a bindpassword from the world-readable files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml...
CVE-2020-1631
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform local file inclusion LFI or path traversal. Using this vulnerability...
Grafana Information Disclosure Vulnerability (CNVD-2020-27229)
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. An information disclosure vulnerability exists in Grafana 6.7.3 and earlier versions,...
GHSA-8867-VPM3-G98G Incorrect Default Permissions in keyring
Python keyring has insecure permissions on new databases, allowing world-readable files to be created...
The vulnerability of the Junos operating system arises from an incorrect path limitation for the access-limited directory. This allows attackers to gain access to files with a “world” read permission, or to delete any files with a “world” permission.
The vulnerability of the Junos operating system exists due to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain read access to files with the "world" permission, or to delete any files...
CVE-2016-3192
Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files...
CVE-2012-5578
Python keyring has insecure permissions on new databases allowing world-readable files to be created...
Code injection
Python keyring has insecure permissions on new databases allowing world-readable files to be created...
CVE-2012-5578
Python keyring has insecure permissions on new databases allowing world-readable files to be created...
CVE-2012-5578
Python keyring has insecure permissions on new databases allowing world-readable files to be created...
CVE-2012-5578
Python keyring has insecure permissions on new databases allowing world-readable files to be created...