UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC)

Exploit Title: UltraVNC Launcher 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-14 Vendor Homepage: https://www.uvnc.com/ Software Link: https://www.uvnc.com/downloads/ultravnc/126-download-ultravnc-1224.html Tested Version: 1.2.2.4 Tested on: Windows 7 x64...

CVE-2018-13288

Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the 1 folderpath or 2 realpath parameter...

CVE-2018-13297

Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsmpath parameter...

CVE-2018-13297

Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsmpath parameter...

CVE-2018-13289

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager SRM before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the 1 folderpath or 2 realpath parameter...

Information disclosure

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

CVE-2018-13290

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

CVE-2018-13288

Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the 1 folderpath or 2 realpath parameter...

PT-2019-8962 · Synology · Synology Drive

Name of the Vulnerable Software and Affected Versions: Synology Drive versions prior to 1.1.2-10562 Description: The issue allows remote attackers to obtain sensitive system information. This is achieved via the dsm path parameter. Recommendations: For versions prior to 1.1.2-10562, update to...

CVE-2018-19934

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting XSS in the Web management interface via URL path and HTTP POST parameter...

Path traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file jpg/jpeg/png via path traversal with the path parameter, through the saveimg action in ajaxcalls.php...

CVE-2019-7730

MyWebSQL 3.7 has a Cross-site request forgery CSRF vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI...

GHSA-8P8G-F9VG-R7XR Directory Traversal vulnerability in Square Retrofit

Square Retrofit versions from including 2.0 to 2.5.0 excluding contain a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter. By manipulating the URL an attacker could add or delete resources otherwise unavailable to her. This attack appears to be exploitable via an...

Directory traversal

Square Retrofit version versions from including 2.0 and 2.5.0 excluding contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack...

ASUSTOR ADM path traversal vulnerability (CNVD-2018-25039)

ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. A directory traversal vulnerability exists in the upload.cgi file in ASUSTOR ADM version 3.1.1. An attacker can exploit this vulnerability by modifying the 'path' URL parameter to upload a file to an arbitra...

TerraMaster TOS Directory Traversal Vulnerability

TerraMaster TOS is a set of Linux-based storage server operating system developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization, etc. The explorer application is one of the file browsing applications. A directory traversal...

CVE-2018-13332

Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter...

CVE-2018-13332

Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter...

CVE-2018-13322

Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...

CVE-2018-13322

Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...