Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

The Web server in 1C:Enterprise 8 before 8. sends base64 encoded credentials in the creds URL parameter.

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

ffay lanproxy 0.1 allows Directory Traversal to read /./conf/config.properties to obtain credentials for a connection to the intranet.

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.