Microsoft Windows UAC Privilege Escalation

Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...

UBUNTU-CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

Directory Traversal

unrar is vulnerable to directory traversal. The vulnerability exists through RAR v2 archives as parsing of pathnames of the form ../filename are unpacked into the upper directory...

NewStart CGSL CORE 5.04 / MAIN 5.04 : samba Multiple Vulnerabilities (NS-SA-2020-0072)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has samba packages installed that are affected by multiple vulnerabilities: - A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set i...

PT-2020-17212 · Awstats +3 · Awstats +3

Name of the Vulnerable Software and Affected Versions: AWStats versions prior to 7.8 Description: The issue allows an absolute pathname to be accepted by the cgi-bin/awstats.pl endpoint, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. This is due to an...

Insecure Validation

neomutt does not perform secure validation. The newsrc.c does not properly restrict '/ characters, which could result in unsafe interaction with cache pathnames...

Ivanti Endpoint Manager Unauthorized Access Vulnerability

Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti, USA. An unauthorized access vulnerability exists in Ivanti Endpoint Manager version 2020.1.1 and prior versions, which originates in /ldclient/ldprov.cgi, and can be exploited by an attacker to disclose information...

CVE-2020-13772

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...

CVE-2020-13772

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...

Authentication flaw

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...

CVE-2020-13772

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required...

CyberArk Software CyberArk Privileged Session Manager Code Issue Vulnerability

CyberArk Software CyberArk Privileged Session Manager PSM is a software application for privileged session management from CyberArk Software, Israel. The software is a centralized portal that protects privileged users and accounts from accessing target systems, and it is a single solution for...

CVE-2020-25374

CyberArk Privileged Session Manager PSM 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time...

CVE-2020-25374

CyberArk Privileged Session Manager PSM 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time...

CVE-2020-25374

CyberArk Privileged Session Manager PSM 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time...

unoconv: mishandling of pathname leads to SSRF and local file inclusion

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

Debian DLA-2307-1 : ruby-zip security update

rubyzip gem version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via if a site allows uploading of .zip files, an attacker can upload a malicious file that...

Medium: samba

Issue Overview: A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker...

CVE-2019-9944

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames...

CVE-2019-9944

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames...