GOG Galaxy Games changeFolderPermissionsAtPath privilege escalation vulnerability
Summary: An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. Tested Versions: Gog Galaxy 1.2....
Workspace Web: Managing Folder Permissions
Using Citrix Workspace to set folder permissions provides admins with the ability to set the following permissions and alerts for users:

Permission / Alert | Description
---|---
View permission | Granting a user view permission allows them to view a document without downloading it. A user must be...
Directory Traversal
serve is vulnerable to directory traversal. The vulnerability exists because it gives an easy interface to list directory contents and traverse into sub-folder just by submitting a URL with dot-slash before the file name, e.g. http://127.0.0.1:6060/dir/./file.txt...
Default configuration
KioWare Server version 4.9.6 and older installs by default to "C:\kiowarecom" with weak folder permissions granting any user full permission "Everyone: F" to the contents of the directory and its sub-folders. In addition, the program installs a service called "KWSService" which runs as...
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kiowarecom" with weak folder permissions granting any user full permission "Everyone: F" to the contents of the directory and its sub-folders. In addition, the program installs a service called "KWSService" which runs as...
CVE-2018-18435
KioWare Server
August 30, 2018—KB4343893 (OS Build 16299.637)
August 30, 2018—KB4343893 (OS Build 16299.637). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Foundation Class (MFC) applications that may cause applications t...
NuGet Package Manager Tampering Vulnerability
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure. An attacker who successfully exploited this vulnerability could potentially modify files and folders that are unpackaged on a...
September 20, 2018—KB4457127 (OS Build 14393.2515)
September 20, 2018—KB4457127 (OS Build 14393.2515). Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue...
Design/Logic Flaw
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...
CVE-2017-12447
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...
CVE-2017-12447
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...
UBUNTU-CVE-2017-12447
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class MetasploitModule 'QNAP TS-431 QTS %q This module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access a...
QNAP TS-431 QTS Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class MetasploitModule 'QNAP TS-431 QTS %q This module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access a...
Critical WinRAR Flaw Found Actively Being Exploited
A critical 19-year-old WinRAR vulnerability disclosed last week has now been spotted actively being exploited in a spam campaign spreading malware. The campaign, discovered by researchers with 360 Threat Intelligence Center, takes advantage of a path-traversal WinRAR vulnerability, which could...
Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
It's not just the critical Drupal vulnerability that is being exploited in the wild by cybercriminals to attack vulnerable websites that have not yet applied patches already available from its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last...
CVE-2019-9116
DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublimetext.exe to open a .txt file within an attacker's...
Code injection
DISPUTED DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublimetext.exe to open a .txt file within an attacker'...
CVE-2019-9116
DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublimetext.exe to open a .txt file within an attacker's...