5020 matches found
CVE-2019-16913
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILESX86%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: F" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as...
Default credentials
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILESX86%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: F" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as...
CVE-2019-16913
PC Protect Antivirus (v4.14.31) is installed to %PROGRAMFILES(X86)%\PCProtect with overly permissive folder ACLs (Everyone: (F)). The component also creates a service (SecurityService) that runs as LocalSystem. This combination enables privilege escalation to NT AUTHORITY\SYSTEM by replacing the ...
CVE-2019-17203
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder...
CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...
CVE-2007-6688
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."...
CVE-2019-17040
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled...
CVE-2019-11751
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. Note: this issue...
Cross site scripting
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. The crafted password is exploitable when viewing the change history of the item or tapping on the item...
CVE-2019-14252
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...
Authentication flaw
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted...
CVE-2019-14253
An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted...
Insecure Session Management
github.com/astaxie/beego uses insecure session management. The excessive permissions configured on session files allow a local attacker to manipulate and modify session files before the application creates them in the world-accessible folder...
Spoofing
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection MTP Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights...
CVE-2019-3646 McAfee Total Protection - Free Antivirus Trial: DLL Search Order Hijacking vulnerability
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection MTP Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights...
Folder Lock 7.7.9 - Denial of Service
Exploit Title: Folder Lock v7.7.9 Denial of Service Exploit Date: 12.09.2019 Vendor Homepage: https://www.newsoftwares.net/folderlock/ Software Link: https://www.newsoftwares.net/download/folderlock7-en/folder-lock-en.exe Exploit Author: Achilles Tested Version: 7.7.9 Tested on: Windows 7 x64 1.-...
Folder Lock 7.7.9 - Denial of Service
Folder Lock 7.7.9 - Denial of Service Exploit Title: Folder Lock v7.7.9 Denial of Service Exploit Date: 12.09.2019 Vendor Homepage: https://www.newsoftwares.net/folderlock/ Software Link: https://www.newsoftwares.net/download/folderlock7-en/folder-lock-en.exe Exploit Author: Achilles Tested Versio...