270 matches found
Amazon WorkSpaces Parameter Injection Vulnerability
Amazon WorkSpaces, a fully managed persistent desktop virtualization service from Amazon, lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. In Amazon AWS WorkSpaces clients prior to version 3.1.9 on Windows, parameter injection in...
CVE-2021-0481
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
ASB-A-172939189
In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
TeamViewer Unquoted URI Handler SMB Redirect
This module exploits an unquoted parameter call within the TeamViewer URI handler to create an SMB connection to an attacker-controlled IP. TeamViewer use auxiliary/server/teamviewerurismbredirect msf auxiliaryteamviewerurismbredirect show actions ...actions... msf auxiliaryteamviewerurismbredire...
TeamViewer Flaw in Windows App Allows Password-Cracking
Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows. If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords. TeamViewer is a proprietary software application...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
Cross site request forgery (csrf)
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this...
CVE-2020-14049
Viber for Windows up to 13.2.0.39 is affected by an issue in its custom URI handler due to improper quoting, connected to an incomplete fix for CVE-2019-12569. A malicious site could launch Viber with arbitrary parameters, forcing a victim to initiate an NTLM authentication request, potentially r...
mIRC URI Handler Remote Code Execution (CVE-2019-6453)
A remote code execution vulnerability exists in mIRC. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option. Successful exploitation could result in code execution on the target machine in the context of the application...
CVE-2019-14422
An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:file1?path2:file2 U...
Open redirect
An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:file1?path2:file2 U...
TortoiseSVN 1.12.1 - Remote Code Execution
Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability
Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
CVE-2019-13475
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute...
Design/Logic Flaw
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute...
Mobatek MobaXterm v11.1 - Code Execution Vulnerability
Document Title: =============== Mobatek MobaXterm v11.1 - Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2186 Video: https://www.youtube.com/watch?v=Oz0rCBuRKrY References:...