56 matches found
EUVD-2023-36446
Malicious code in bioql PyPI...
EUVD-2022-28085
Malicious code in bioql PyPI...
EUVD-2024-28298
Malicious code in bioql PyPI...
EUVD-2023-49466
Malicious code in bioql PyPI...
EUVD-2022-6934
Malicious code in bioql PyPI...
EUVD-2023-32491
Malicious code in bioql PyPI...
EUVD-2022-41268
Malicious code in bioql PyPI...
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter
Summary [email protected] is vulnerable to an Arbitrary temporary file / directory write via symbolic link dir parameter. Details According to the documentation there are some conditions that must be held: // https://github.com/raszi/node-tmp/blob/v0.2.3/README.md?plain=1L41-L50 Other breaking changes,...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 description Basically below tool allow f...
Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast...
GHSA-WJ44-9VCG-WJQ7 Gogs allows deletion of internal files which leads to remote command execution
Summary Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. Details In the patch for CVE-2024-39931, the following check is added:...
CVE-2024-53921
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process...
CVE-2023-28869
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link...
CVE-2022-32450
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder used for ad.trace and chat but the product runs as SYSTEM when writing chat-room data there...
CVE-2020-8950
The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an...
CVE-2019-8656
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount tha...
CVE-2025-31334
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be execut...
CVE-2020-26312
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder...
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Technical...
CVE-2024-47515 Pagure: generate_archive() follows symbolic links in temporary clones
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance...