5020 matches found
CVE-2018-20090
An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...
CVE-2011-3355
evolution-data-server3 3.0.3 through 3.2.1 used insecure non-SSL connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim...
PT-2019-4454 · Jenkins · Jenkins Jira Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins JIRA Plugin versions 3.0.10 and earlier Description: The issue is related to the incorrect declaration of the scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. This can lead to...
Directory Traversal
rack-cors is vulnerable to directory traversal. The vulnerability exists because it neither escapes nor resolves the path before evaluating the resource rules, allowing access to files outside the /public folder...
Nextcloud 17 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...
Nextcloud 17 - Cross-Site Request Forgery
Nextcloud 17 - Cross-Site Request Forgery Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...
Nextcloud 17 - Cross-Site Request Forgery
Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the industry-leading, on-premises content collaboratio...
Design/Logic Flaw
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...
ownCloud 10.3.0 Stable Cross Site Request Forgery
Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Date: 2019-10-31 Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud collaboration platform With over 50 million...
ownCloud 10.3.0 stable - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud...
CVE-2019-18188
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR...
CVE-2019-17189
totemodata 3.0.0b936 has XSS via a folder name...
Cross site scripting
totemodata 3.0.0b936 has XSS via a folder name...
CVE-2019-17189
Totemo totemodata 3.0.0_b936 is affected by a Cross-Site Scripting (XSS) vulnerability in the WEB application, caused by a lack of proper validation of client-side data in a folder name. The issue is documented across multiple sources (CNVD, NVD, Red Hat context) as CVE-2019-17189. Exploitation d...
Persistence – Time Providers
Windows operating systems use the time provider architecture to obtain accurate time stamps from other network devices or clients in the network. Time providers are implemented in the form of a DLL file which resides in the System32 folder. The service W32Time initiates during the...
ZipperDown Vulnerability
react-native-code-push is susceptible to the ZipperDown vulnerability. The vulnerability exists because it does not validate the folder of the zip file before extracting the files and writes the content directly to an arbitrary folder...