8 matches found
CVE-2026-26335
CVE-2026-26335 affects Calero VeraSMART web applications running on IIS where VeraSMART versions prior to 2022 R1 store static machineKey values in web.config. The static keys allow an attacker to craft a valid ASP.NET ViewState payload, bypassing integrity checks and enabling server-side deseria...
CVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...
ThriveX-Blog Security Vulnerability
ThriveX-Blog is a blog management system by the individual developer LiuYuYang01. A security vulnerability exists in ThriveX-Blog 3.1.7 and earlier versions, which originates from an improper authorization issue in the function updateJsonValueByName in the file /webconfig/json/name/web...
Code injection
An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges...
U.S. Dept Of Defense: Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak
A local file disclosure vulnerability was discovered on the █████ website https://████████.edu/. The vulnerability allowed an attacker to download the website's configuration file, which exposed the database credentials. Additionally, the source code for certain server-side resources was also...
Combodo iTop Command Injection Vulnerability
Combodo iTop, also known as IT Operations Portal, is an open source, ITIL-based web application developed by the French company Combodo for the daily operation of IT environments. The tool provides incident management, configuration management and problem management and...
PT-2015-6092 · Unknown · Thermostat
Name of the Vulnerable Software and Affected Versions: Thermostat versions prior to 2.0.0 Description: The issue allows local users to obtain user credentials by reading the web.xml configuration file due to world-readable permissions. Recommendations: For versions prior to 2.0.0, update to versi...
PT-2011-2925 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A regression in a previous fix caused security constraints to be ignored under certain conditions. Specifically, this occurred when there was no login...