183 matches found
MiniWeb HTTP Server 0.8.19 Buffer Overflow
Exploit Title: MiniWeb HTTP Server 0.8.19 - Buffer Overflow PoC Date: 13.12.2020 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://sourceforge.net/projects/miniweb/ Software Link:...
MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
Exploit Title: MiniWeb HTTP Server 0.8.19 - Buffer Overflow PoC Date: 13.12.2020 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://sourceforge.net/projects/miniweb/ Software Link:...
Unspecified Vulnerability in Various Apple Products (CNVD-2020-67608)
Apple watchOS is an operating system for smartwatches.Apple iPadOS is an operating system for iPad tablets.Apple macOS Catalina is a specialized operating system developed for Mac computers. A security vulnerability exists in a number of Apple products that stems from the fact that spaced-drop...
CVE-2019-8796
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode...
CVE-2019-8796
A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode...
Command Execution Vulnerability in Everyone Piano Windows Client
Everyone Piano is a piano simulation software that combines piano learning and entertainment. A command execution vulnerability exists in the Everyone Piano windows client, which can be exploited by an attacker to gain control of the server...
Guild Wars 2 - Insecure Folder Permissions Vulnerability
Exploit Title: Guild Wars 2 - Insecure Folder Permissions Exploit Author: George Tsimpidas Software Link : https://account.arena.net/welcome Version Build : 106915 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability Description: Guild Wars 2 Launcher...
Privilege escalation
ActFax Version 7.10 Build 0335 2020-05-25 is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal. The folder permissions allow "Full Control" to...
CVE-2019-19490
LiteManager 4.5.0 has weak permissions Everyone: Full Control in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe...
CVE-2019-16913
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILESX86%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: F" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as...
WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users
Telegram messenger patches a privacy flaw in its "delete for everyone" feature that was not actually deleting shared images from the recipients' devices stored under "/Telegram/Telegram Images/" folder; instead was only deleting it from the chat screen...
WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users
Telegram messenger patches a privacy flaw in its "delete for everyone" feature that was not actually deleting shared images from the recipients' devices stored under "/Telegram/Telegram Images/" folder; instead was only deleting it from the chat screen.https://t.co/JNgfUsNYYL...
CVE-2019-14935
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link...
Design/Logic Flaw
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. T...
CVE-2019-12270
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. T...
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kiowarecom" with weak folder permissions granting any user full permission "Everyone: F" to the contents of the directory and it's sub-folders. In addition, the program installs a service called "KWSService" which runs as...
How to Delete Accidentally Sent Messages, Photos on Facebook Messenger
Ever sent a message on Facebook Messenger then immediately regretted it, or an embarrassing text to your boss in the heat of the moment at late night, or maybe accidentally sent messages or photos to a wrong group chat? Of course, you have. We have all been through drunk texts and embarrassing...
hotels-for-everyone.com XSS vulnerability
Open Bug Bounty ID: OBB-709875 Description| Value ---|--- Affected Website:| hotels-for-everyone.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...
Default configuration
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARYPATHNAME, leading to complete control of the affected system. The issue exists due ...
CVE-2018-12441
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARYPATHNAME, leading to complete control of the affected system. The issue exists due ...