CVE-2018-7884

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL...

Information disclosure

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL...

Clone 2 GO Video Converter 2.8.2 Unicode Buffer Overflow

!/usr/bin/python ---------------------------------------------------------------------------------------------------------------------- Exploit Title : Clone 2 GO Video converter 2.8.2 Unicode Buffer Overflow Remote Code Execution Exploit Author : Gokul Babu Organisation : Arridae Infosec P.V Ltd...

Authentication flaw

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

openSUSE Security Update : enigmail (openSUSE-2018-535)

This update for enigmail to version 2.0.6 fixes the following issues : Security issues fixed : - Replies to a partially encrypted message may have revealed protected information: no longer display PGP/MIME message part followed by unencrypted data boo1094781 - Signature could be spoofed via...

Security update for enigmail (moderate)

This update for enigmail to version 2.0.6 fixes the following issues: Security issues fixed: - Replies to a partially encrypted message may have revealed protected information: no longer display PGP/MIME message part followed by unencrypted data boo1094781 - Signature could be spoofed via...

TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass

Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware: TL-WR841N v13 00000013 Version : Firmwar...

Node.js third-party modules: [simplehttpserver] List any file in the folder by using path traversal.

I would like to report Path Traversal in simplehttpserver. It allows to list any file in another folder of web root. Module module name: simplehttpserver version: 0.1.1 npm page: https://www.npmjs.com/package/simplehttpserver Module Description 'simpehttpserver' is an simple imitation of python's...

Phabricator: The "Download Raw Diff" URL is viewable by everyone

mongoose This is similar to 213942, but less severe. Here is what you said in 213942: The change makes us write files with narrow permissions instead of broad permissions, write temporary files instead of permanent files and ... If I understand your comment correctly, suppose that an Administrato...

Joomla! Core cross-site scripting vulnerability (CNVD-2018-15238)

Joomla! is an open source content management system CMS. The system provides RSS feeds , site search and other features . Joomla! Core is a Joomla! core. A cross-site scripting vulnerability exists in Joomla! Core versions prior to 3.8.8, which stems from the program failing to properly filter fi...

CVE-2018-11342

A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the destfolder parameter...

ASUSTOR AS6202T ADM path traversal vulnerability (CNVD-2018-10308)

ASUSTOR AS6202T ADM is a dedicated operating system for ASUSTOR NAS storage devices from ASUSTOR. A path traversal vulnerability exists in the fileExplorer.cgi file in ASUSTOR AS6202T ADM version 3.1.0.RFQ3. An attacker can exploit this vulnerability to create arbitrary folders with the help of t...

Path traversal

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

CVE-2018-1261

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

Cylance CylancePROTECT Privilege Extraction Vulnerability

Cylance CylancePROTECT is a suite of endpoint security protection software from Cylance USA. The software is capable of preventing ransomware, malware, and other attacks. A security vulnerability exists in Cylance CylancePROTECT versions prior to 1470, which stems from a user having...

CVE-2018-10722

In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink...

Vaultize Enterprise File Sharing File Creation Vulnerability

Vaultize Enterprise File Sharing is an enterprise file sharing solution from Vaultize Technologies, USA. The solution includes features such as data retention management, versioning, secure data handling, data backup and recovery. A security vulnerability exists in Vaultize Enterprise File Sharin...

Input validation

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host...

CVE-2016-9602

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host...