Lucene search
K

5 matches found

0day.today
0day.today
added 2019/05/27 12:0 a.m.446 views

Typora 0.9.9.24.6 - Directory Traversal Vulnerability

Exploit Title: Code execution via path traversal Exploit Author: Dhiraj Mishra Vendor Homepage: http://typora.io Software Link: https://typora.io/download/Typora.dmg Version: 0.9.9.24.6 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-12137 References: https://nvd.nist.gov/vuln/detail/CVE-2019-1213...

7.8CVSS0.4AI score0.06451EPSS
Exploits5
exploitpack
exploitpack
added 2019/05/27 12:0 a.m.71 views

Typora 0.9.9.24.6 - Directory Traversal

Typora 0.9.9.24.6 - Directory Traversal Exploit Title: Code execution via path traversal Date: 17-05-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: http://typora.io Software Link: https://typora.io/download/Typora.dmg Version: 0.9.9.24.6 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-12137...

6.8CVSS0.3AI score0.06451EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/05/27 12:0 a.m.76 views

Typora 0.9.9.24.6 Directory Traversal

Exploit Title: Code execution via path traversal Date: 17-05-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: http://typora.io Software Link: https://typora.io/download/Typora.dmg Version: 0.9.9.24.6 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-12137 References:...

6.8CVSS0.2AI score0.06451EPSS
Exploits5
Prion
Prion
added 2019/05/17 11:29 p.m.11 views

Code injection

Typora 0.9.9.21.1 1913 allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137...

6.8CVSS7.7AI score0.06451EPSS
Exploits6References1Affected Software1
CVE
CVE
added 2019/05/16 1:20 p.m.103 views

CVE-2019-12137

Typora 0.9.9.24.6 on macOS is affected by CVE-2019-12137 (directory traversal) that allows execution of arbitrary programs via crafted file:/// or ../ substrings in a shared note. Root cause is path traversal through URI handling, enabling local code execution. Publicly documented impact is arbit...

7.8CVSS7.4AI score0.06451EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder