CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...

PT-2021-13744 · Jsdom · Jsdom

Name of the Vulnerable Software and Affected Versions: JSDom affected versions not specified Description: JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. Recommendations: At the moment...

Privilege escalation

Privilege Escalation vulnerability in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a...

CVE-2020-25238

A vulnerability has been identified in PCS neo Administration Console All versions V3.1, TIA Portal V15, V15.1 and V16. Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker...

CVE-2020-29166

PacsOne Server PACS Server In One Box below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure...

CVE-2020-29166

PacsOne Server PACS Server In One Box below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure...

Information disclosure

PacsOne Server PACS Server In One Box below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure...

CVE-2020-29166

PacsOne Server PACS Server In One Box below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure...

CVE-2020-29166

CVE-2020-29166 affects PacsOne Server (PACS Server In One Box) prior to version 7.1.1, with a file read/manipulation vulnerability that can lead to remote information disclosure. The connected data confirms the flaw and its impact but does not provide explicit remediation steps or confirmed explo...

Packed.Win32.Katusha.o Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e184abe44bec183a522d2c66bc3f90e0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Katusha.o Ransomeware Vulnerability: Insecure Permissions EoP Description: The malware...

CVE-2021-21272

ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloade...

Ssh-Mitm - Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation

ssh-mitm is an intercepting mitm proxy server for security audits. Redirect/mirror Shell to anotherssh client supported in 0.2.8 Replace File in SCP supported in 0.2.6 Replace File in SFTP supported in 0.2.3 Transparent proxy support in 0.2.2! - intercepting traffic to other hosts is now possible...

Cisco Webex Teams Shared File Manipulation Vulnerability

Cisco Webex Teams is a comprehensive communications application designed to provide you with all the necessary tools and the right environment to enhance team collaboration. A shared file manipulation vulnerability exists in versions prior to Cisco Webex Teams 40.12.0.17293. The vulnerability ste...

CVE-2021-1242

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file withi...

CVE-2021-1242 Cisco Webex Teams Shared File Manipulation Vulnerability

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file withi...

CVE-2021-1242 Cisco Webex Teams Shared File Manipulation Vulnerability

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file withi...

CVE-2021-1242

CVE-2021-1242 affects Cisco Webex Teams (Webex/Jabber client) where the shared-file name display can be manipulated due to improper character rendering. An unauthenticated, remote attacker could share a file to alter how the file name appears in the messaging interface, enabling phishing or spoof...

Cisco Jabber and Webex Client Software Shared File Manipulation Vulnerability

A vulnerability in Cisco Jabber and Cisco Webex formerly Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerabili...

Cisco Webex Teams Shared File Manipulation Vulnerability (cisco-sa-webex-teams-7ZMcXG99)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-webex-teams-7ZMcXG99 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

CVE-2020-29552

An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...