54 matches found
Exploit for Path Traversal in Druva Insync_Client
CVE-2020-5752: Druva inSync Local Privilege Escalation A C-ba...
EUVD-2019-13608
Malware in sbrugna...
EUVD-2021-23263
Malware in sbrugna...
EUVD-2019-13607
Malware in sbrugna...
CVE-2021-36667
Command injection vulnerability in Druva inSync 6.9.0 for macOS allows attackers to execute arbitrary commands via a crafted payload to the local HTTP server due to an unsanitized call to the Python os.system library...
CVE-2020-5752
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
CVE-2019-4001
Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...
CVE-2019-3999
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
CVE-2019-4000
Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges...
Command injection
Command injection vulnerability in Druva inSync 6.9.0 for macOS allows attackers to execute arbitrary commands via a crafted payload to the local HTTP server due to an unsanitized call to the Python os.system library...
CVE-2021-36667
CVE-2021-36667 affects Druva inSync 6.9.0 for macOS. The vulnerability is a command injection via a crafted payload to the local HTTP server caused by an unsanitized call to Python’s os.system, enabling arbitrary commands executed with local privileges. The primary impact is execution of arbitrar...
Druva inSync Windows Client 6.6.3 Privilege Escalation
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Date: 2020-12-03 Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Date: 2020-12-03 Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....
Druva inSync Client Security Vulnerability
Druva inSync Client is a lightweight application from Druva USA that supports managing data backups and allows collaboration with other users. A security vulnerability exists in the inSync Client installer, which stems from incorrect integrity checking and directory permissions, and which the...
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell) Exploit
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6.3 Tested on:...
Druva inSync Client Installed (Windows)
Binary data druvainsyncclientwininstalled.nbin...
Druva inSync Windows Client < 6.6.4 Privilege Escalation
The Windows Druva inSync Client Service inSyncCPHwnet64.exe contains a path traversal vulnerability that can be exploited by a local, unauthenticated attacker to execute OS commands with SYSTEM privileges. When processing RPC type 5 requests over TCP port 6064, inSyncCPHwnet64.exe does not proper...