3230 matches found

Microsoft Secure
added 2019/07/01 4:25 p.m., 52 views

Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update

With the Windows 10 May 2019 Update we delivered several important features for Windows Defender Application Control (WDAC), which was originally introduced to Windows as part of a scenario called Device Guard. WDAC works in conjunction with features like Windows Defender Application Guard, which...

7.5 AI score
Exploits 0
OSV
added 2019/06/27 5:15 p.m., 0 views

UBUNTU-CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension...

4.3 CVSS, 6.7 AI score, 0.00785 EPSS
Exploits 0, References 3
CNVD
added 2019/05/05 12:0 a.m., 2 views

DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13793)

DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/download.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server...

7.5 CVSS, 6.3 AI score, 0.03869 EPSS
Exploits 1, References 1
Japan Vulnerability Notes
added 2019/04/25 8:13 a.m., 3 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Cross-site scripting in the additional processing of Customize Item function CWE-79 - CVE-2019-5928 Cross-site scripting in the application "Memo" CWE-79 - CVE-2019-5929 Browse restriction bypass in th...

9.8 CVSS, 7.3 AI score, 0.02138 EPSS
Exploits 0, References 71
Prion
added 2019/04/22 4:29 p.m., 16 views

Design/Logic Flaw

Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which...

4.3 CVSS, 7 AI score, 0.00799 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/04/22 3:35 p.m., 22 views

CVE-2015-1327 Content-hub DBUS API doesn't prevent confined apps from passing paths to files without access

Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which...

3.9 CVSS, 7.5 AI score, 0.00799 EPSS
Exploits 0, References 1
Veracode
added 2019/04/09 3:36 p.m., 19 views

Directory Traversal

harp is vulnerable to directory traversal. The attack exists due to the ignorance of the harp server rules for the file path starting with underscore, allowing an unauthorized listing of the files in another folder of web root...

5.3 CVSS, 5.3 AI score, 0.01485 EPSS
Exploits 1, References 2, Affected Software 1
ATTACKERKB
added 2019/04/01 3:29 p.m., 2 views

CVE-2018-13290

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

4.3 CVSS, 5.6 AI score, 0.01297 EPSS
Exploits 0, References 2
OSV
added 2019/04/01 3:29 p.m., 4 views

CVE-2018-13290

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

4.3 CVSS, 5.8 AI score, 0.01297 EPSS
Exploits 0, References 1
Prion
added 2019/04/01 3:29 p.m., 19 views

Information disclosure

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

4 CVSS, 4.2 AI score, 0.01297 EPSS
Exploits 0, References 1, Affected Software 1
Exploit DB
added 2019/03/28 12:0 a.m., 62 views

WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion

Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian GNU/Linux 9 Docker...

7.4 AI score
Exploits 0
Prion
added 2019/03/27 7:30 p.m., 19 views

Design/Logic Flaw

An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can ...

7.5 CVSS, 8.8 AI score, 0.04361 EPSS
Exploits 3, References 4, Affected Software 1
Cvelist
added 2019/03/27 6:7 p.m., 49 views

CVE-2019-1010257

An Information Disclosure / Data Modification issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can ...

9 AI score, 0.04361 EPSS
Exploits 3, References 4
Cvelist
added 2019/03/18 2:15 p.m., 22 views

CVE-2018-11789

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example would be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd...

7.6 AI score, 0.0692 EPSS
Exploits 0, References 2
Veracode
added 2019/03/08 5:41 a.m., 19 views

Zip Slip Vulnerability

Apache Karaf is vulnerable to zip slip. The vulnerability exists because it does not validate the presence of .. in the file path before performing the extraction of files from the "repository/" and "resources/" entries in the zip file and directly writing the content to its repository and...

6.5 CVSS, 6.3 AI score, 0.04949 EPSS
Exploits 0, References 6, Affected Software 1
BDU FSTEC
added 2019/02/07 12:0 a.m., 4 views

The vulnerability of the Ansible configuration management system lies in the lack of control over the path used to locate the configuration file ansible.cfg, which allows an attacker to execute arbitrary code.

The vulnerability of the Ansible configuration management system lies in the reading of the ansible.cfg file from the working directory. This file’s location can be altered, allowing the attacker to point it to a plugin or module that is under their control. Exploiting this vulnerability could...

9.8 CVSS, 7.2 AI score, 0.00587 EPSS
Exploits 0, References 4, Affected Software 1
Packet Storm
added 2019/02/05 12:0 a.m., 88 views

WordPress Ultimate-Member 2.0.38 Cross Site Request Forgery / Shell Upload

Exploit Title : WordPress Ultimate-Member Plugins 2.0.38 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 05/02/2019 Vendor Homepage : ultimatemember.com Software Download Link : downloads.wordpress.org/plugin/ultimate-member.2.0.38.zip Software...

0.1 AI score
Exploits 0
Veracode
added 2019/02/04 2:25 a.m., 21 views

Directory Traversal

mcstatic is vulnerable to directory traversal. The vulnerability is possible because it does not handle the file name parameter properly, allowing the attacker to read arbitrary files on the target server by appending ../ in the file path...

7.5 CVSS, 7.3 AI score, 0.01821 EPSS
Exploits 0, References 1, Affected Software 1
CNVD
added 2019/01/31 12:0 a.m., 2 views

Stored Cross-Site Scripting Vulnerability in the Daimi CMS da***.me***.php File

DAMI CMS is a PC building station and cell phone building station integrated all-in-one system. A stored cross-site scripting vulnerability exists in the Daimi CMS da.me.php file. An attacker can insert malicious js code into the page to obtain user cookies and other information, leading to user...

6.3 AI score
Exploits 0
Packet Storm
added 2019/01/25 12:0 a.m., 46 views

WordPress pitajte-strucnjaka 4.9.6 Shell Upload

Exploit Title : WordPress pitajte-strucnjaka Plugins 4.9.6 Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/01/2019 Vendor Homepage : wordpress.org Software Information Link : bol.rs/pitajte-strucnjaka Software Version : 4.9.6 Tested On : Windows...

7.4 AI score
Exploits 0