8 matches found
CVE-2023-27133
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
Privilege escalation
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
CVE-2023-27133
The CVE-2023-27133 entry affects TSplus Remote Work 16.0.0.0, reporting weak permissions for .exe, .js, and .html files under %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www. These permissions could allow privilege escalation if a different local user modifies a file. Red Hat and PTSecurity sou...
CVE-2023-31068
TSplus Remote Access up to 16.0.2.14 has overly permissive ACLs: Full Control for Everyone on directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9.8). Root cause is insecure directory permissions; no remediation details are provide...
CVE-2023-31068
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILESX86%\TSplus\UserDesktop\themes...
TSPlus 16.0.0.0 Insecure Permissions
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Vulnerability
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v. 16.0.0.0 you can crea...
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...