74 matches found

AlmaLinux
added 2020/12/17 7:20 a.m. | 23 views

Important: fapolicyd bug fix update

The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fixes: When an update...

AI score: 7.2 | Exploits: 0
RedHat Linux
added 2020/12/17 7:20 a.m. | 44 views

(RHSA-2020:5607) Important: fapolicyd bug fix update

The fapolicyd software framework introduces a form of file access control based on a user-defined policy. The application file access control feature provides one of the most efficient ways to prevent running untrusted and possibly malicious applications on the system. Bug Fixes: When an update...

AI score: 7.2 | Exploits: 0
CVE
added 2020/07/28 3:17 p.m. | 219 views

CVE-2020-15900

CVE-2020-15900 affects Artifex Ghostscript 9.50 and 9.52. A memory corruption due to use of a non-standard PostScript operator can allow overriding of file access controls. The vulnerability also involves the calculation of the 'rsearch' for the 'post' size, which could overflow/underflow to max ...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.05186 | Exploits: 0 | References: 9 | Affected Software: 1
RedhatCVE
added 2020/03/27 8:13 a.m. | 46 views

CVE-2020-10691

An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system. Mitigation A possibl...

CVSS: 5.2 | AI score: 2.9 | EPSS: 0.00358 | Exploits: 0 | References: 3
Hacker One
added 2019/09/19 4:29 p.m. | 46 views

Nextcloud: Only the file extensions are checked, not the MIME types as configured

The tool is not working as hoped. File access control speaks of MIME types that are blocked or not blocked. In fact, only the file extensions are checked. If a user renames an unauthorized file to an allowed file, he can upload and download it. The MIME type of the current file is insignificant,...

CVSS: 6 | AI score: 0.7 | EPSS: 0.0113 | Exploits: 0
Packet Storm
added 2019/04/20 12:0 a.m. | 353 views

OpenDocMan Document Management System 1.3.5 Database Disclosure

Exploit Title : OpenDocMan Document Management System 1.3.5 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : opendocman.com Software Download Link : opendocman.com/free-download/...

AI score: 7.4 | Exploits: 0
0day.today
added 2019/04/12 12:0 a.m. | 161 views

CyberArk EPM 10.2.1.603 - Security Restrictions #Bypass Exploit

Exploit for windows platform in category local exploits Exploit Title: CyberArk Endpoint bypass Exploit Author: Alpcan Onaran Vendor Homepage: https://www.cyberark.com Software Link: - Version: 10.2.1.603 Tested on: Windows 10 CVE : CVE-2018-14894 //If user needs admin privileges, CyberArk gives...

CVSS: 4.6 | AI score: 7.6 | EPSS: 0.01927 | Exploits: 5
Zero Day Initiative
added 2019/03/07 12:0 a.m. | 9 views

(0Day) Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the acces...

CVSS: 7.8 | AI score: 4.5 | Exploits: 0
Prion
added 2018/07/13 2:29 p.m. | 18 views

Improper access control

mstdlib aka the M Standard Library for C 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file that lacks public read/write access during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.01653 | Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2018/07/13 2:29 p.m. | 13 views

CVE-2018-14043

mstdlib aka the M Standard Library for C 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file that lacks public read/write access during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.01653 | Exploits: 0 | References: 2
NVD
added 2018/07/13 2:29 p.m. | 14 views

CVE-2018-14043

mstdlib aka the M Standard Library for C 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file that lacks public read/write access during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.01653 | Exploits: 0 | References: 2
CVE
added 2018/07/13 2:0 p.m. | 46 views

CVE-2018-14043

CVE-2018-14043 affects mstdlib (M Standard Library for C) 1.2.0. The issue arises when M_fs_perms_can_access attempts to delete an existing file that lacks public read/write access during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then gain ac...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.01653 | Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/07/13 2:0 p.m. | 18 views

CVE-2018-14043

mstdlib aka the M Standard Library for C 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file that lacks public read/write access during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then...

AI score: 9.4 | EPSS: 0.01653 | Exploits: 0 | References: 2
Nextcloud
added 2018/06/21 12:0 a.m. | 29 views

File access control rules not applied to image previews (NC-SA-2018-002)

A missing check for read permissions allowed users that received an incoming share containing files tagged so they should be denied access to still request a preview for those files...

CVSS: 4 | AI score: 4.5 | EPSS: 0.00888 | Exploits: 0 | Affected Software: 1
Hacker One
added 2018/05/28 3:24 p.m. | 55 views

Nextcloud: File access control rules not enforced on image files

Installed Nextcloud from Snap package version 13.0.2snap1, revision 6916 on fresh Ubuntu 18.04 LTS install. 2. Installed and enabled Files access control v1.3.0 and Files automated tagging v1.3.0 apps. 3. As an administrator created an invisible collaborative tag Secret. 4. Added Files automated...

CVSS: 4 | AI score: 1.2 | EPSS: 0.00888 | Exploits: 0
Zero Day Initiative
added 2018/05/18 12:0 a.m. | 34 views

Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the access...

CVSS: 7.2 | AI score: 5 | EPSS: 0.00362 | Exploits: 0 | References: 1
Cvelist
added 2018/04/23 9:0 p.m. | 21 views

CVE-2018-6491 MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability

Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege...

CVSS: 8.1 | AI score: 9.4 | EPSS: 0.01013 | Exploits: 0 | References: 2
Zero Day Initiative
added 2018/04/12 12:0 a.m. | 25 views

Hewlett Packard Enterprise Universal CMDB Product Installation File Access Control Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privilege on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS: 7.2 | AI score: 4.3 | EPSS: 0.01013 | Exploits: 0 | References: 1
Zero Day Initiative
added 2017/08/30 12:0 a.m. | 34 views

Advantech WebAccess Product Installation File Access Control Modification Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the access...

CVSS: 7.2 | AI score: 5 | EPSS: 0.0035 | Exploits: 0 | References: 1
CVE
added 2017/07/13 3:0 p.m. | 49 views

CVE-2017-1308

Summary of CVE-2017-1308: IBM Daeja ViewONE products (Standard, Professional & Virtual) are affected. The vulnerability involves improper access controls that could allow an authenticated attacker to download files they should not access. Affected versions include IBM Daeja ViewONE Standard, Pro...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.01537 | Exploits: 0 | References: 3 | Affected Software: 1