Lucene search
K

779 matches found

Prion
Prion
added 2019/12/10 10:15 p.m.13 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

7.2CVSS7.9AI score0.01004EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.30 views

Windows Printer Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit this...

7.8CVSS5.9AI score0.01004EPSS
Exploits0
CNVD
CNVD
added 2019/12/09 12:0 a.m.4 views

Gemalto SafeNet Sentinel LDK License Manager Backlink Vulnerability

SafeNet Sentinel LDK License Manager is a license manager. A backlink vulnerability exists in Gemalto SafeNet Sentinel LDK License Manager. The vulnerability arises from a network system or product that does not properly filter the filenames of links or shortcuts that represent unintended...

7.8CVSS6.8AI score0.00423EPSS
Exploits0References1
Veracode
Veracode
added 2019/11/18 3:30 a.m.26 views

Information Disclosure

symfony/symfony is vulnerable to information disclosure. The vulnerability exists as the file paths were not escaped before it is used in FileBinaryMimeTypeGuesser, allowing Mime-type to be guessed...

7.5CVSS1.8AI score0.02248EPSS
Exploits0References12Affected Software1
CNVD
CNVD
added 2019/11/18 12:0 a.m.2 views

Iceweasel-firegpg Backlink Vulnerability

Iceweasel-firegpg is a content encryption package for the Iceweasel browser. A backlink vulnerability in Iceweasel-firegpg versions prior to 0.6, which stems from a network system or product that does not properly filter filenames of links or shortcuts that represent unintended resources, can be...

7.8CVSS6.8AI score0.00398EPSS
Exploits0References1
OSV
OSV
added 2019/11/02 12:0 a.m.1 views

UBUNTU-CVE-2019-14866

In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have...

7.3CVSS6.7AI score0.00686EPSS
Exploits1References5
FireEye
FireEye
added 2019/10/17 3:30 p.m.16 views

Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions

In Part One of this blog series, Steve Miller outlined what PDB paths are, how they appear in malware, how we use them to detect malicious files, and how we sometimes use them to make associations about groups and actors. As Steve continued his research into PDB paths, we became interested in...

6.4AI score
Exploits0References11
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.155 views

WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting Date: 2019-09-10 Exploit Author: strider Software Link: https://github.com/anttiviljami/wp-server-log-viewer Version: 1.0 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...

7.4AI score
Exploits0
Veracode
Veracode
added 2019/09/10 7:1 a.m.17 views

Information Disclosure

librenms is vulnerable to information disclosure. The attack exists because it does not prevent the user from fingerprinting the exact code installed to get local file paths...

5.3CVSS1.7AI score0.01219EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2019/09/10 12:0 a.m.1 views

LibreNMS Information Disclosure Vulnerability

LibreNMS is a PHP/MYSQL/SNMP-based open source monitoring tool . An information disclosure vulnerability exists in LibreNMS 1.47 and earlier versions, which can be exploited by an attacker to identify the exact code version installed and obtain local file paths...

5.3CVSS6.3AI score0.01219EPSS
Exploits1References1
OSV
OSV
added 2019/09/09 1:15 p.m.10 views

CVE-2019-10667

An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...

5.3CVSS6.7AI score
Exploits0References1
NVD
NVD
added 2019/09/09 1:15 p.m.17 views

CVE-2019-10667

An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...

5.3CVSS5.2AI score0.01219EPSS
Exploits1References1
Prion
Prion
added 2019/09/09 1:15 p.m.12 views

Information disclosure

An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...

5CVSS5.3AI score0.01219EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/09 12:59 p.m.19 views

CVE-2019-10667

An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...

5.2AI score0.01219EPSS
Exploits1References1
OSV
OSV
added 2019/07/23 2:15 p.m.2 views

DEBIAN-CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

6.5CVSS8.4AI score0.20271EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2019/06/24 12:0 a.m.195 views

Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation

Windows: Windows Font Cache Service Insecure Sections EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The Windows Font Cache Service exposes section objects insecurely to low privileged...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/06/21 12:0 a.m.2 views

The vulnerability of the COM object dfact.dll in the MasterSCADA software package allows a hacker to trigger an emergency termination of the program.

The vulnerability of the COM object dfact.dll in the image processing method of the SetImage classes BmpImager, GifImager, AviImager, JpgImager in the MasterSCADA software package arises due to the use of a insecure memory allocation function on the stack allocaprobe16. Exploiting this...

3.7CVSS5.5AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2019/05/21 12:0 a.m.3 views

PT-2019-2636 · Jenkins · Jenkins Credentials Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 2.1.18 and earlier Description: The issue allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path and obtain the...

4.3CVSS4.8AI score0.00969EPSS
Exploits0References14
Veracode
Veracode
added 2019/05/20 12:55 a.m.27 views

Directory Traversal

pulp is vulnerable to directory traversal. A malicious user is able to write to arbitrary locations or overwrite published content on other iso feed repository caused by improper parsing of file paths...

6.8CVSS6.6AI score0.01067EPSS
Exploits0References469Affected Software242
BDU FSTEC
BDU FSTEC
added 2019/04/04 12:0 a.m.4 views

The vulnerability of VMware Workstation’s virtualization platform lies in its security flaws related to the handling of executable file paths, allowing attackers to escalate their privileges.

The vulnerability of VMware Workstation’s virtualization platform is related to deficiencies in security mechanisms for processing pathnames of executable files. Exploiting this vulnerability can allow attackers to gain increased privileges...

4.8CVSS7.6AI score0.00373EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder