1173 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. Details A Directory Traversal attack also known as path traversal aims to access files and...
Malicious Package
Overview aes44 is a malicious package. It leaks logins.json and key4.db Firefox logins and encryption data to a remote FTP server hosted on ftpupload.net. Remediation Avoid using all malicious instances of the aes44 package. Credit: Raul Onitza-Klugman from Snyk Research Team...
FreeBSD : krb5 -- Integer overflow vulnerabilities in PAC parsing (094e4a5b-6511-11ed-8c5e-206a8a720317)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 094e4a5b-6511-11ed-8c5e-206a8a720317 advisory. - The Kerberos libraries used by Samba provide a mechanism for authenticating a user or service by mean...
Samba buffer overflow vulnerabilities on 32-bit
Description The Kerberos libraries used by Samba provide a mechanism for authenticating a user or service by means of tickets that can contain Privilege Attribute Certificates PACs. Both the Heimdal and MIT Kerberos libraries, and so the embedded Heimdal shipped by Samba suffer from an integer...
AZL-11379 CVE-2022-43945 affecting package kernel for versions less than 5.15.82.1-1
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call RPC into a single array of pages. A client can force the send...
CVE-2022-39364
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...
CVE-2022-43749
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors...
CVE-2022-43749
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors...
CVE-2022-43748
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors...
Privilege escalation
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors...
CVE-2022-43748
CVE-2022-43748 concerns Synology Presto File Server. The issue is an improper limitation of a pathname to a restricted directory (Path Traversal) in the file operation management component, allowing remote attackers to write arbitrary files via unspecified vectors on versions prior to 2.1.2-1601....
CVE-2022-43748
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors...
CVE-2022-43749
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors...
CVE-2022-43749
CVE-2022-43749 is an improper privilege management vulnerability in Synology Presto File Server’s summary report management, affecting versions prior to 2.1.2-1601. It allows remote authenticated users to bypass security constraints via unspecified vectors. Public sources in the connected documen...
CVE-2022-43749
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors...
PT-2022-27021 · Synology · Synology Presto File Server
Name of the Vulnerable Software and Affected Versions: Synology Presto File Server versions prior to 2.1.2-1601 Description: The issue is related to improper privilege management in the summary report management of Synology Presto File Server. This allows remote authenticated users to bypass...
Synology Presto File Server 路径遍历漏洞
Synology Presto File Server is a high-speed file transfer suite from China-based Synology Inc. A path traversal vulnerability exists in Synology Presto File Server versions prior to 2.1.2-1601, which stems from improperly restricting pathnames of restricted directories in the File Operations...
Synology Presto File Server 安全漏洞
Synology Presto File Server is a high-speed file transfer suite from China-based Synology Inc. A security vulnerability exists in Synology Presto File Server versions prior to 2.1.2-1601, which stems from improper privilege management in Summary Report Management and allows remote authenticated...
You can’t stop me. MS Teams session hijacking and bypass
How cleartext session tokens are stored in an unsecured directory that can be stolen and used to impersonate a Teams user. TL;DR Microsoft Teams stores unencrypted session tokens and cached conversations in users’ roaming AppData, which can be used by an attacker to gain access to the victim’s...