575 matches found
Command injection
The Rediffmail aka com.rediff.mail.and application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout...
CVE-2019-11836
The Rediffmail aka com.rediff.mail.and application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout...
CVE-2019-11836
The CVE-2019-11836 entry applies to the Rediffmail Android app (com.rediff.mail.and) version 2.2.6. Description: cleartext mail content is stored in device file storage and persists after logout, exposing potentially sensitive data. The connected documents confirm affected software and the root c...
PT-2019-18314 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 9.3.10826 Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The fla...
CVE-2014-1428
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2...
Design/Logic Flaw
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2...
CVE-2014-1428
The CVE-2014-1428 entry concerns Ubuntu MAAS and the generate_filestorage_key function. Affected: MAAS versions prior to 1.9.2. Issue: vulnerability that allows an attacker to brute-force filenames due to flaws in key/identifier generation. Impact details are limited to the described statement; ex...
CVE-2019-6609
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable...
Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing
Introduction Malware authors attempt to evade detection by executing their payload without having to write the executable file on the disk. One of the most commonly seen techniques of this "fileless" execution is code injection. Rather than executing the malware directly, attackers inject the...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure Vulnerability
Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for ...
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...
[SECURITY] [DLA 1636-1] aria2 security update
Package : aria2 Version : 1.18.8-1+deb8u1 CVE ID : CVE-2019-3500 Debian Bug : 918058 It was discovered that aria2 the lightweight command-line download utility can store passed user credentials in a log file when using the --log option. This might allow local users to obtain sensitive information...
CVE-2019-3500
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file...
Secure file storage
This is a blog series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, you'll find context, answers, and guidance for deployment and driving adoption within your organization. Check out Collaborate Securely, the fifth...
Citrix Profile Management: VHDX-based Outlook cache and Outlook search index on a user basis.
Feature Description To address two Outlook-related performance issues in Profile Management, version 7.18 introduced a new user-based Outlook search index database, stored as a VHDX file. In addition, the Outlook cache .OST file can also be stored as a VHDX file. Note: Profile Management provides...
Microsoft Windows: Prevent the usage of OneDrive for file storage
This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: - Users can...
CVE-2015-9209
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD...
The vulnerability of the FileStorageService service in the automation software Track-It! allows a hacker to upload arbitrary files to the root directory of the web server and execute arbitrary code.
The vulnerability of the FileStorageService service in the automation software Track-It! is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to upload arbitrary files to the root directory of the web server and execute arbitrary code with privilege...