CVE-2019-18194
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder...
CVE-2019-18194
TotalAV 2020 4.14.31 is affected by CVE-2019-18194, a privilege-escalation vulnerability where exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. The vulnerability is supported by multiple sources (Red Hat advisory, CNVD, CVE records,...
GHSA-769F-539V-F5JG PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Impact: We have identified that some gamification module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a PHP script that would allow an attacker to perform RCE on a web server. This vulnerability impacts phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...
BuddyPress < 5.1.1 - Denial of Service
A denial-of-service issue was fixed that could allow a logged-in user to remove another user’s avatar and also any empty folder...
CVE-2019-16444
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting default folder privilege escalation vulnerability. Successful exploitation could lead t...
CVE-2019-18996
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context...
ABB PB610 HMIStudio accepts malicious DLL file in an application
Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application’s context...
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
Path traversal
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
DEBIAN-CVE-2019-19783
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to...
UBUNTU-CVE-2019-19783
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to...
CVE-2019-19783
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to...
CVE-2019-19490
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe...
Design/Logic Flaw
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe...
XSS vulnerability in X5music V2.0 frontend user folder do.php
X5music Music Management System is a music and video management system built with PHP and MySQL. X5music V2.0 has an XSS vulnerability in do.php in the frontend user folder, which attackers can exploit to obtain cookie information...
Directory Traversal
iobroker.admin is vulnerable to directory traversal. The vulnerability allows reading files that exist outside the public folder by adding %2e%2e/ to the requested file path...