1529 matches found

Zero Day Initiative
added 2020/04/08 12:0 a.m. | 28 views

(0Day) Advantech WebAccess webvrpc IOCTL 0x2715 Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results...

CVSS 8.2 | AI score 1.4 | EPSS 0.00578
Exploits: 0

Vulnerability Lab
added 2020/04/08 12:0 a.m. | 40 views

DedeCMS v7.5 SP2 - Multiple Persistent Web Vulnerabilities

Document Title: DedeCMS v7.5 SP2 - Multiple Persistent Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2195. Release Date: 2020-04-08. Vulnerability Laboratory ID (VL-ID): ...

AI score 7.4
Exploits: 0

Zero Day Initiative
added 2020/04/08 12:0 a.m. | 17 views

(0Day) Advantech WebAccess IOCTL 0x2711 BwPFile Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x2711, which can be used to invoke BwPFile.exe. The issue...

CVSS 8.2 | AI score 0.6 | EPSS 0.00578
Exploits: 0

Prion
added 2020/04/07 4:15 p.m. | 20 views

Design/Logic Flaw

An issue was discovered on Samsung mobile devices with KK4.4.x, L5.x, M6.x, and N7.x software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 November 2017...

CVSS 6.4 | AI score 8.9 | EPSS 0.0012
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/04/07 3:56 p.m. | 24 views

CVE-2017-18648

An issue was discovered on Samsung mobile devices with KK4.4.x, L5.x, M6.x, and N7.x software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 November 2017...

AI score 9.1 | EPSS 0.0012
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/04/03 12:0 a.m. | 25 views

Schneider Electric IGSS IGSSupdateservice Improper Access Control Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 | AI score 4.8 | EPSS 0.00138
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/04/03 12:0 a.m. | 34 views

Schneider Electric IGSS IGSSupdateservice Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IGSSupdateservice service, which listens on TCP port 12414 by defaul...

CVSS 7.5 | AI score 2.3 | EPSS 0.01836
Exploits: 0 | References: 1

ICS
added 2020/04/02 12:0 a.m. | 91 views

B&R Automation Studio

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Automation Equipment: Automation Studio Vulnerabilities: Improper Privilege Management, Missing Required Cryptographic Step, Path Traversal 2. RISK EVALUATION Successful exploitation of these...

CVSS 7.5 | AI score 7.4 | EPSS 0.00699
Exploits: 0 | References: 5

Zero Day Initiative
added 2020/03/31 12:0 a.m. | 32 views

IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Spectrum Protect Plus. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Administrative...

CVSS 5.4 | AI score 2.1 | EPSS 0.00429
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/03/31 12:0 a.m. | 22 views

IBM Spectrum Protect Plus cleanupUpdateImage Arbitrary Directory Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary directories on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework service. The issue results from the...

CVSS 8.2 | AI score 2.2 | EPSS 0.00711
Exploits: 0 | References: 1

BDU FSTEC
added 2020/03/25 12:0 a.m. | 1 views

The vulnerability of the Work Folder Service in Windows operating systems allows a perpetrator to escalate their privileges.

The vulnerability in the Work Folder Service in Windows operating systems is related to improper handling of file operations. Exploiting this vulnerability can allow an attacker to escalate their privileges through a specially crafted application...

CVSS 7.8 | AI score 7.2 | EPSS 0.00538
Exploits: 1 | References: 2

OSV
added 2020/03/23 9:15 p.m. | 17 views

CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

CVSS 6.3 | AI score 6.7
Exploits: 0 | References: 2

NVD
added 2020/03/23 9:15 p.m. | 14 views

CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

CVSS 6.5 | AI score 6.4 | EPSS 0.03897
Exploits: 4 | References: 2

Debian CVE
added 2020/03/23 8:15 p.m. | 26 views

CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

CVSS 6.5 | AI score 6.5 | EPSS 0.03897
Exploits: 4

BDU FSTEC
added 2020/03/18 12:0 a.m. | 1 views

The vulnerability of the Connected User Experiences and Telemetry operating system services allows attackers to enhance their privileges.

The vulnerability in the Connected User Experiences and Telemetry operating system services is related to errors in the processing of file operations. Exploiting this vulnerability can allow attackers to escalate their privileges through a specially crafted application...

CVSS 7.8 | AI score 7.2 | EPSS 0.00399
Exploits: 0 | References: 3

Zero Day Initiative
added 2020/03/17 12:0 a.m. | 21 views

Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the TempFileName parameter provided to the...

CVSS 8.6 | AI score 2 | EPSS 0.01136
Exploits: 0 | References: 1

OSV
added 2020/03/12 4:15 p.m. | 0 views

CVE-2020-0897

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,...

CVSS 7.8 | AI score 7.1 | EPSS 0.00379
Exploits: 1 | References: 1

NVD
added 2020/03/12 4:15 p.m. | 16 views

CVE-2020-0897

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,...

CVSS 7.8 | AI score 7.8 | EPSS 0.00379
Exploits: 1 | References: 1

OSV
added 2020/03/12 4:15 p.m. | 0 views

CVE-2020-0868

An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0867...

CVSS 7.8 | AI score 7.1 | EPSS 0.0037
Exploits: 0 | References: 1

OSV
added 2020/03/12 4:15 p.m. | 0 views

CVE-2020-0865

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0866,...

CVSS 7.8 | AI score 7.1 | EPSS 0.00538
Exploits: 1 | References: 1