74 matches found
Files.com: File access controls incorrectly enforced for files shared via QuickLink - Unshared files can be accessed
Enter the support PIN from your test site if applicable: 305056 Enter the name of your test site if applicable: pwn.brickftp.com Enter the subdomain from your test site if applicable: pwn.brickftp.com Summary This is a bug in the file sharing feature QuickLink. The file access control is flawed...
U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website
A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generale...
Advantech WebAccess Multiple Vulnerabilities (Jan 2016)
Advantech WebAccess is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
The vulnerability of the Ubuntu operating system, which allows a hacker to increase their privileges
The vulnerability of the systemd daemon in the Ubuntu operating system is related to deficiencies in access control for files. Exploiting this vulnerability can allow a malicious actor, operating locally, to increase their privileges...
The vulnerability of the GNOME Display Manager’s graphical interface on the Fedora operating system allows a hacker to bypass the screen lock mechanism.
The vulnerability of the GNOME Display Manager’s graphical interface on the Fedora operating system is related to deficiencies in access control for files. Exploiting this vulnerability could allow a malicious individual to bypass the screen lock by pressing the Escape key...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the libmedia library in the Android operating system is related to deficiencies in access control for files. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created application...
The vulnerability of the NX-OS network operating system allows a hacker to execute arbitrary operating system commands.
The vulnerability of the NX-OS network operating system is related to deficiencies in access control for files. Exploiting this vulnerability allows a malicious actor, operating locally, to execute arbitrary commands on the operating system by sending specific parameters...
The vulnerability of the SAP Afaria mobile device management program allows a hacker to gain access to protected information or enhance their privileges.
The vulnerability of the SAP Afaria mobile device management program is related to deficiencies in access control for files. Exploiting this vulnerability can allow a malicious actor to gain access to protected information or enhance their privileges...
The vulnerability of the video conversion program, the Cisco TelePresence IP VCR Converter, allows a perpetrator to execute arbitrary code with privileges of the root user.
The vulnerability of the video conversion web framework of the Cisco TelePresence IP VCR Converter is related to deficiencies in access control for files. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code with privileges of the root user...
CVE-2005-1908
Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / slash or leading \ backslash in the URL...
CVE-2003-1297
Easy File Sharing EFS Web Server 1.2 stores the 1 option.ini aka options.ini file and 2 log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration,...
CVE-2002-1886
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password...
iPlanet Remote File Viewing
Sun iPlanet Web Server Remote File Viewing Vulnerability Vendor: Sun Microsystems Product: iPlanet Web Server 6.0 SP2 iPlanet Web Server 4.1 SP9 Netscape Enterprise Server 3.6 Platforms: Windows 2000 Windows NT Other platforms not tested Category: Information Leak Author: [email protected]...
WFTPD v3.00 R5 Directory Traversal
I already posted another way, but this one might work in different situations and is not limited to win9x/ME WFTPD v3.00 R5 Directory Traversal AFFECTED SYSTEMS WFTPD v3.00 R5 DESCRIPTION Let's quote the manual on how the .lnk feature is supposed to work : "File Security Note that since version...