768 matches found
Microsoft Windows Unquoted Service Path Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Windows Unquoted Service Path Privilege Escalation', 'Description' = %q This module exploits a logic flaw due to h...
Samsung Mobile Device Path Traversal Vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handset Alliance (OHA). A path traversal vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to modify the client-server data flow in order to insert a...
CVE-2017-18687
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017)...
CVE-2020-11594
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path...
Ansible path traversal vulnerability (CNVD-2020-20686)
Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage and organize computer systems. A path traversal vulnerability exists in Ansible. The vulnerability stems from a failure of a networked system or product to properly...
CVE-2019-11044
A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths...
CVE-2015-6589
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file...
CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...
CVE-2019-1477
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...
Windows Printer Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit this...
Gemalto SafeNet Sentinel LDK License Manager Backlink Vulnerability
SafeNet Sentinel LDK License Manager is a license manager. A backlink vulnerability exists in Gemalto SafeNet Sentinel LDK License Manager. The vulnerability arises from a network system or product that does not properly filter the filenames of links or shortcuts that represent unintended...
Information Disclosure
symfony/symfony is vulnerable to information disclosure. The vulnerability exists because file paths were not escaped before being used in FileBinaryMimeTypeGuesser, allowing Mime-type to be guessed...
Iceweasel-firegpg Backlink Vulnerability
Iceweasel-firegpg is a content encryption package for the Iceweasel browser. A backlink vulnerability in Iceweasel-firegpg versions prior to 0.6, which stems from a network system or product that does not properly filter filenames of links or shortcuts that represent unintended resources, can be...
UBUNTU-CVE-2019-14866
cpio, in all versions before 2.13, does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have...
Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions
In Part One of this blog series, Steve Miller outlined what PDB paths are, how they appear in malware, how we use them to detect malicious files, and how we sometimes use them to make associations about groups and actors. As Steve continued his research into PDB paths, we became interested in...
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting Date: 2019-09-10 Exploit Author: strider Software Link: https://github.com/anttiviljami/wp-server-log-viewer Version: 1.0 Tested on: Debian 10 Buster x64 / Kali Linux CVE : None...
Information Disclosure
librenms is vulnerable to information disclosure. The attack exists because it does not prevent the user from fingerprinting the exact code installed to get local file paths...
LibreNMS Information Disclosure Vulnerability
LibreNMS is a PHP/MySQL/SNMP-based open source monitoring tool. An information disclosure vulnerability exists in LibreNMS 1.47 and earlier versions, which can be exploited by an attacker to identify the exact code version installed and obtain local file paths...
CVE-2019-10667
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...