137 matches found
CVE-2020-5752
CVE-2020-5752: Druva inSync Windows Client contains a path traversal vulnerability in the inSyncCPHwnet64 RPC service (port 6064) that can be exploited locally to run commands as SYSTEM on Windows 10 (x64) with inSync Client 6.6.3 and below. The RPC type 5 handling flaw enables command injection ...
CVE-2020-5752
creationtimestamp| type| source ---|---|--- 2020-05-12 18:48:12+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/druvainsyncinsynccphwnet64rcptype5privesc.rb 2020-05-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48505...
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.6.3 and prior do not properly validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This module has been tested...
CVE-2018-5752
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery SSRF attacks via vectors involving non-decimal representations of IP addresses and...
CVE-2018-5752
Open-Xchange OX App Suite vulnerability CVE-2018-5752 affects the backend component in versions before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22. The issue is a server-side request forgery (SSRF) via vectors involving non-decimal representations...
CVE-2016-5752
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester...
CVE-2016-5752
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester...
CVE-2016-5752
The CVE-2016-5752 entry concerns NetIQ Access Manager’s Identity Server SAML2 implementation. Affected versions are 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2. The issue arises from handling unsigned SAML requests, causing leakage of results to a potentially malicious Assertion Consumer Servic...
CVE-2015-5752
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink...
CVE-2015-5752
CVE-2015-5752 (Apple iOS Backup Symbolic Link Vulnerability) Affected software: Apple iOS prior to 8.4.1, specifically the Backup component. Root cause: A symbolic link handling flaw in the backup mechanism allowed a crafted app to create symlinks that bypassed intended filesystem access restrict...
CVE-2015-5752
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink...
CVE-2014-5752
CVE-2014-5752 affects the Android app wTradersActivity (com.wTradersActivity) version 0.1, where the application does not verify X.509 certificates from SSL servers. This vulnerability can enable man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifica...
Oracle Linux 3 : httpd (ELSA-2007-0533)
From Red Hat Security Advisory 2007:0533 : Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...
Oracle Linux 5 : Moderate: / httpd (ELSA-2007-0556)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0556 advisory. 2.2.3-7.el5.0.1 - Marks removal + index page cleanup 2.2.3-7.el5 - add security fixes for CVE-2007-1863, CVE-2007-3304, and CVE-2006-5752 244665 Tenabl...
RHEL 4 : Proxy Server (RHSA-2008:0263)
Red Hat Network Proxy Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 5.0....
SLES9: Security update for apache2
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-doc apache2 apache2-prefork apache2-worker apache2-devel apache2-example-pages libapr0 For more information, please visit the referenced security...
Ubuntu: Security Advisory (USN-499-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for httpd FEDORA-2007-617
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for httpd FEDORA-2007-2214
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for httpd FEDORA-2007-0704
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...