1173 matches found
Privilege escalation
Microsoft File Server Shadow Copy Agent Service RVSS Elevation of Privilege Vulnerability...
CVE-2022-30154
CVE-2022-30154 is an Elevation of Privilege vulnerability in the Microsoft File Server Shadow Copy Agent Service (RVSS). The issue is addressed by Windows updates released on June 14, 2022 (e.g., KB5014702/KB5014738/KB5014678, security updates and hotpatch variants). The vulnerability’s remediati...
CVE-2022-30154 Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability
...
Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability
...
Xfce Security Feature Issue Vulnerability
Xfce is a desktop environment for Unix and Unix-like operating systems such as Linux and FreeBSD by Olivier Fourdan, an individual developer. A security vulnerability exists in Xfce version 4.16; it originates from xdg-open and can be exploited to execute a .desktop file on an FTP server under t...
CVE-2021-40668
The Android application HTTP File Server Version 1.4.1 by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write...
Path traversal
The Android application HTTP File Server Version 1.4.1 by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write...
CVE-2021-40668
The CVE-2021-40668 entry concerns the Android application HTTP File Server (Version 1.4.1) by slowscript. Multiple connected sources confirm a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. The NVD entry lists impact including partial confidentia...
HTTP File Server Path Traversal Vulnerability
HTTP File Server is a simple tool that allows you to access your phone's files from your desktop, tablet or other device without any special software - just a web browser. A security vulnerability exists in HTTP File Server for Android version 1.4.1, which stems from a path traversal issue. An...
Input validation
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...
Ivanti Avalanche Web File Server Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service...
PT-2022-23718 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490
Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...
Code injection
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
GHSA-3V63-F83X-37X4 Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors...
Design/Logic Flaw
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...
Code injection
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...
CVE-2022-24888
Nextcloud Server vulnerability CVE-2022-24888 affects the file server component: prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files or folders whose names include leading or trailing control characters (\n, \r, \t, \v). The issue arises because the server filt...
CVE-2022-24888 Possible Injection in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...