5019 matches found
From the JS files found in the "authentication bypass" vulnerability - vulnerability warning - the black bar safety net
This article's content originates from a private vulnerability bounty program. In this program, the accepted vulnerability scope is limited to a few public functions of the target sites. Based on the early discovery of issues when I was invited into this program, the other person Total submitted...
CVE-2017-5081
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files...
Parallels Desktop - Virtual Machine Escape Vulnerability
Exploit for windows platform in category local exploits + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Ma...
Parallels Desktop - Virtual Machine Escape
Parallels Desktop - Virtual Machine Escape + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...
Parallels Desktop - Virtual Machine Escape
Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website :...
Parallels Desktop 12.2.0 Virtual Machine Escape
Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website...
Sandboxie Denial of Service Vulnerability
Sandboxie is a sandbox environment that allows running a browser or other application in that environment. Sandboxie suffers from a denial of service vulnerability. A local denial of service exists due to an overflow when passing an extremely long string as a container folder name...
Normal user can somehow make admin to delete shared folders - ownCloud
An attacker is logged in as a normal user and can somehow make the admin delete shared folders. Affected Software: ownCloud Server 10.0.2 (CVE-2017-9340). Action Taken: Adjust privileges. Acknowledgements: The ownCloud team thanks the following people for their research and responsible disclosure of the...
Sandboxie 5.18 - Local Denial of Service
Sandboxie 5.18 - Local Denial of Service author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: Sandboxie version 5.18 local Dos Exploit Date: 2017.05.25 Exploit Author: Greg Priest Version: Sandboxie version 5.18 ... Released on 13 April 2017...
HP SimplePass 8.x Local Privilege Escalation
Vulnerability Title: HP SimplePass Local Privilege Escalation Advisory Release Date: 05/18/2017 Credit: Discovered By Rehan Ahmed Contact: [email protected] Severity Level: Medium Type: Local Tested Platform: Windows 8 & 10 x64 Vendor: HP Inc. Vendor Site: http://www.hp.com Download Link:...
The vulnerability of the Oracle VM VirtualBox virtual machine, which allows a hacker to trigger a service failure
The vulnerability of the Oracle VM VirtualBox virtual machine’s Shared Folder sub-component is related to access control deficiencies. Exploiting this vulnerability can allow an attacker, operating locally, to cause the system to freeze or crash by accessing infrastructure resources...
CVE-2017-8868
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF...
MGASA-2017-0135 Updated virtualbox packages fixes security vulnerabilities
This update provides virtualbox 5.1.22 maintenance release and resolves at least the following security issues: A vulnerability in the core subcomponent of virtualbox allows a high privileged attacker unauthorized read access to a subset of VirtualBox accessible data (CVE-2017-3513). A vulnerability...
Craft CMS Information Disclosure Vulnerability
Craft CMS is a content management system (CMS) for developers and content managers. A security vulnerability exists in Craft CMS versions prior to 2.6.2976, which stems from the program failing to properly restrict viewing of the contents of the craft/app/ folder. An attacker could exploit this...
CVE-2017-2095
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors...
Oracle VM VirtualBox Remote Vulnerability (CNVD-2017-06471)
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation, of which Oracle VM VirtualBox is a virtual machine component. A security vulnerability exists in the Shared Folder subcomponent of the Oracle VM VirtualBox component of Oracle Virtualization. An attacker could...
Oracle VirtualBox Security Bypass Vulnerability - 01 (Apr 2017) - Windows
Oracle VirtualBox is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle VirtualBox Security Bypass Vulnerability - 01 (Apr 2017) - Mac OS X
Oracle VirtualBox is prone to a security bypass vulnerability. CPE =...
Oracle VirtualBox Guest Additions 5.1.18 - Unprivileged Windows User-Mode Guest Code Double-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1227 We have discovered a heap double-free vulnerability in the latest version of VirtualBox 5.1.18, with Guest Additions and more specifically shared folders enabled in the guest operating system. The heap memory corruption take...
CVE-2017-3587
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...