21 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in libreoffice

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...

CVSS 8.8 | AI score 6.5 | EPSS 0.00288
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/31 3:19 a.m. | 3 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 8.8 | AI score 6 | EPSS 0.00147
Exploits: 1 | References: 1

EUVD
added 2026/01/29 9:49 p.m. | 3 views

EUVD-2026-4942

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 7.6 | AI score 6 | EPSS 0.00147
Exploits: 1 | References: 2

ATTACKERKB
added 2026/01/29 9:49 p.m. | 2 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 7.6 | AI score 6 | EPSS 0.00147
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/10/21 12:0 a.m. | 2 views

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

AI score 6.1 | EPSS 0.00029
Exploits: 2 | References: 2

Positive Technologies
added 2025/10/13 12:0 a.m. | 2 views

PT-2025-51626

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the idpf driver related to the removal of the driver. Specifically, a NULL pointer dereference can occur in the idpf remove function when attempti...

CVSS 4.6 | AI score 6.1 | EPSS 0.00024
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-21686

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.0853
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/22 8:44 p.m. | 0 views

CVE-2021-39510

An issue was discovered in D-Link DIR816A1FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the user name string to delete the user function. This can lead to command injection through shell...

CVSS 9.8 | AI score 7.2 | EPSS 0.06502
Exploits: 1 | References: 1

OSV
added 2024/04/12 6:15 a.m. | 2 views

CVE-2024-22734

An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components...

CVSS 6.2 | AI score 5.8 | EPSS 0.03403
Exploits: 2 | References: 1

SUSE CVE
added 2023/02/15 5:35 a.m. | 3 views

SUSE CVE-2013-5573

Cross-site scripting XSS vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...

CVSS 4.3 | AI score 5.7 | EPSS 0.01627
Exploits: 5 | References: 3

OSV
added 2021/06/03 9:15 p.m. | 14 views

CVE-2020-35971

A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/systemmanage/userconfigedit.html page...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 1

ATTACKERKB
added 2021/06/03 9:15 p.m. | 3 views

CVE-2020-35971

A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/systemmanage/userconfigedit.html page...

CVSS 5.4 | AI score 5.5 | EPSS 0.00172
Exploits: 1 | References: 2

CNVD
added 2019/03/11 12:0 a.m. | 2 views

YzmCMS Cross-Site Scripting Vulnerability (CNVD-2019-07930)

YzmCMS is an open source CMS Content Management System by Yuan Zhimeng programmers in China. A cross-site scripting vulnerability exists in YzmCMS version 5.2. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML with the help of the 'configuration value'...

CVSS 4.8 | AI score 6.1 | EPSS 0.00235
Exploits: 1 | References: 1

Exploit DB
added 2019/03/07 12:0 a.m. | 112 views

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class MetasploitModule 'QNAP TS-431 QTS %q This module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access a...

AI score 7.4
Exploits: 0

Cvelist
added 2018/09/14 7:0 a.m. | 14 views

CVE-2018-17044

In YzmCMS 5.1, stored XSS exists via the admin/systemmanage/userconfigadd.html title parameter...

AI score 4.9 | EPSS 0.00219
Exploits: 1 | References: 1

Tenable Nessus
added 2014/02/10 12:0 a.m. | 26 views

Oracle Identity Manager (April 2012 CPU)

The remote host is missing the April 2012 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by an unspecified vulnerability related to User Config Management. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

CVSS 5.5 | AI score 6.7 | EPSS 0.00262
Exploits: 0 | References: 2

NVD
added 2012/05/03 5:55 p.m. | 9 views

CVE-2012-0532

Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management...

CVSS 5.5 | AI score 5.1 | EPSS 0.00262
Exploits: 0 | References: 5

Prion
added 2012/05/03 5:55 p.m. | 18 views

Design/Logic Flaw

Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management...

CVSS 5.5 | AI score 5.6 | EPSS 0.00262
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2012/05/03 5:18 p.m. | 71 views

CVE-2012-0532

Technical details for CVE-2012-0532 are not publicly available in the provided documents. The connected sources reference an unspecified vulnerability in Oracle Identity Manager related to User Config Management. Monitor for updates.

CVSS 5.5 | AI score 5.2 | EPSS 0.00262
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2012/05/03 5:18 p.m. | 16 views

CVE-2012-0532

Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management...

AI score 5.1 | EPSS 0.00262
Exploits: 0 | References: 5