10 matches found
PT-2026-20910
Name of the Vulnerable Software and Affected Versions: GFI MailEssentials AI versions prior to 22.4. Description: The software contains an arbitrary directory existence enumeration issue in the ListServer.IsPathExist web method, accessible via the API endpoint...
CVE-2025-15067
Unrestricted Upload of File with Dangerous Type vulnerability in Innorix WP allows uploading a web shell to a web server. This issue affects all versions of Innorix WP if the "exam" directory exists under the directory where the product is installed, ex: innorix/exam...
CVE-2025-15066
CVE-2025-15066 affects Innorix WP with a path traversal flaw due to improper pathname restriction in the installation directory (exam directory). All versions are implicated if innorix/exam exists; can lead to arbitrary file download. Exploitation details are not provided beyond the description; ...
CVE-2025-13663 Quartus Prime Pro Edition Installer Advisory
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...
Incorrect Permission Assignment for Critical Resource
Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using the os.MkdirAll function, which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
Incorrect Permission Assignment for Critical Resource
Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using the os.MkdirAll function, which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
Local Privilege Escalation in polkit's pkexec
A bug exists in the polkit pkexec binary in how it processes arguments. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populat...
Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion Exploit
Author: Abdelhamid Naceri. Discovered On: 13/08/2019. Description: An Elevation Of Privileges Exist when the Microsoft AppXSvc Deployment Service Cannot Properly Handle The Folder Junction lead to an arbitrary file deletion from a low integrity user. Still Unpatched On 13/08/2019. Here Is A De...
Information Disclosure
Apache Sling JCR ContentLoader is vulnerable to information disclosure. The application doesn't properly check if a directory exists before importing files, allowing a malicious user access to arbitrary files...
GNU / Bash v4.4 autocompletion Code Execution Vulnerability
Exploit for Linux platform in category local exploits. GNU Bash code execution vulnerability in path completion. Jens Heyens, Ben Stock, January 2017. 1 Introduction: GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be...