Open-Xchange: IDOR to view other user folder name
TESTED ACCOUNT: ================= [email protected] STEP TO REPRODUCE ==================== there is IDOR in viewing other user folder name GET...
CVE-2017-13851
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files...
Samsung Mobile Device Design Vulnerabilities
Samsung mobile devices are smart mobile devices released by Samsung in South Korea. Android N is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). A security vulnerability exists in Samsung mobile devices using the Android N 7.x version, whi...
CVE-2018-9142
On Samsung mobile devices with N7.x software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932...
Design/Logic Flaw
On Samsung mobile devices with N7.x software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932...
CVE-2018-9142
CVE-2018-9142 affects Samsung mobile devices running Android N (7.x). The vulnerability arises from faulty validation of a package signature and package name, enabling attackers to install an arbitrary APK in the Secure Folder SD Card area. Connected sources corroborate the issue but do not provi...
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router Authentication Bypass Vulnerability
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router is a wireless router product from AUO D-Link. An authentication bypass vulnerability exists in the D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router. The vulnerability can be exploited to bypass the SharePort Web Access...
CVE-2018-9032
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router Hardware Version : A1, B1; Firmware Version : 1.02-2.06 devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /categoryview.php or /folderview.php...
LabF nfsAxe 3.7 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: LabF nfsAxe 3.7 - Privilege Escalation Date: 03-24-2018 Vulnerable Software: LabF nfsAxe 3.7 Vendor Homepage: http://www.labf.com/ Version: 3.7 Software Link: http://www.labf.com/download/nfsaxe.exe Tested On: Windows 7 x86 and x64 Requires Windo...
CVE-2018-4844
Siemens SIMATIC WinCC OA UI for Android and iOS (versions before 3.15.10) contains an improper access control vulnerability. Insufficient limitation of CONTROL script capabilities allows read/write access from one HMI project cache folder to other HMI project cache folders within the app’s sandbo...
Microsoft Windows - Desktop Bridge VFS Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: Windows: Desktop Bridge VFS EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the VFS for desktop bridge applications can allow an application to create virtual files in...
Researchers Show How Popular Text Editors Can Be Attacked Via Third-Party Plugins
Security risks in popular extensible text editors allow hackers to abuse plugins and escalate privileges on targeted systems, according to new research from SafeBreach. Inadequate separation of regular and elevated access modes used in editors and a lack of folder permissions integrity allow...
Arbitrary Folder Deletion Vulnerability in HYBBS Community Forum System Version 2.1.3
HYBBS is an MVC-structured program based on the HYPHP framework. HYBBS Community Forum System version 2.1.3 has an arbitrary folder deletion vulnerability. An attacker can exploit this vulnerability to delete arbitrary folders, resulting in a system crash...
Microsoft SQL Database Attacking Tool: MSDAT
MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...
CVE-2018-6397
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter...