779 matches found
GLSA-202006-14 : PEAR Archive_Tar: Remote code execution vulnerability
The remote host is affected by the vulnerability described in GLSA-202006-14 PEAR ArchiveTar: Remote code execution vulnerability An issue was discovered in the PEAR module ArchiveTars handling of file paths within Tar achives. Impact : A local or remote attacker could possibly execute arbitrary...
Windows Shell Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on as an administrator, an attacker could...
June 2, 2020, update for Office 2016 (KB4484335)
June 2, 2020, update for Office 2016 KB4484335 This article describes update 4484335 for Microsoft Office 2016 that was released on June 2, 2020.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...
ownCloud: File System Monitoring Queue Overflow
in the source code "owncloud/client" in the file "src/gui/folderwatcherlinux.cpp" in the function "void FolderWatcherPrivate :: inotifyRegisterPath const QString & path" by calling "inotifyaddwatch" the file paths are set for monitoring cpp int wd = inotifyaddwatchfd, path.toUtf8.constData,...
CVE-2020-1081
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...
CVE-2020-1081
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...
GOG GalaxyClientService Privilege Escalation
This module will send arbitrary filepaths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows Printer Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit this...
CVE-2020-11883
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...
CVE-2020-11883
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...
Microsoft Windows Unquoted Service Path Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Windows Unquoted Service Path Privilege Escalation', 'Description' = %q This module exploits a logic flaw due to h...
Samsung Mobile Device Path Traversal Vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A path traversal vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to modify the client-server data flow in order to insert a...
CVE-2017-18687
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 January 2017...
CVE-2020-11594
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path...
Ansible path traversal vulnerability (CNVD-2020-20686)
Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage and organize computer systems. A path traversal vulnerability exists in Ansible. The vulnerability stems from a failure of a networked system or product to properly...
CVE-2019-11044
A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths...
CVE-2015-6589
Directory traversal vulnerability in Kaseya Virtual System Administrator VSA 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file...
CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...
CVE-2019-1477
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...