
5019 matches found

OSV
added 2017/04/24 7:59 p.m. (1 view)

CVE-2017-3538

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

7.5 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits 1, References 3
Prion
added 2017/04/24 7:59 p.m. (22 views)

Design/Logic Flaw

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

6.3 CVSS, 7.3 AI score, 0.0004 EPSS
Exploits 1, References 3, Affected Software 1
OSV
added 2017/04/24 7:59 p.m. (1 view)

UBUNTU-CVE-2017-3538

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

7.5 CVSS, 7.1 AI score, 0.0004 EPSS
Exploits 1, References 2
UbuntuCve
added 2017/04/24 7:59 p.m. (31 views)

CVE-2017-3538

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

7.5 CVSS, 7.1 AI score, 0.0004 EPSS
Exploits 1, References 1
OSV
added 2017/04/24 7:59 p.m. (2 views)

UBUNTU-CVE-2017-3587

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

8.4 CVSS, 7.2 AI score, 0.00147 EPSS
Exploits 0, References 3
Cvelist
added 2017/04/24 7:0 p.m. (28 views)

CVE-2017-3538

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

7.5 AI score, 0.0004 EPSS
Exploits 1, References 3
Vulnrichment
added 2017/04/24 7:0 p.m. (17 views)

CVE-2017-3538

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

6.7 AI score, 0.0004 EPSS
Exploits 1, References 3
Vulnrichment
added 2017/04/24 7:0 p.m. (13 views)

CVE-2017-3587

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

7 AI score, 0.00147 EPSS
Exploits 0, References 4
Tenable Nessus
added 2017/04/21 12:0 a.m. (58 views)

Debian DSA-3832-1 : icedove - security update

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or information leaks. With this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed...

10 CVSS, 8 AI score, 0.58393 EPSS
Exploits 23, References 19
Debian
added 2017/04/20 9:5 p.m. (48 views)

[SECURITY] [DSA 3832-1] icedove security update

Debian Security Advisory DSA-3832-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2017 https://www.debian.org/security/faq -...

10 CVSS, 9.3 AI score, 0.58393 EPSS
Exploits 23
Tenable Nessus
added 2017/04/20 12:0 a.m. (61 views)

Oracle VM VirtualBox 5.0.x < 5.0.38 / 5.1.x < 5.1.20 (April 2017 CPU)

The version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.38 or 5.1.x prior to 5.1.20. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Core component that allows a local attacker to disclose potentially sensitive informatio...

8.8 CVSS, 6.9 AI score, 0.00291 EPSS
Exploits 11, References 11
OpenVAS
added 2017/04/19 12:0 a.m. (35 views)

Debian: Security Advisory (DSA-3832-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 8.3 AI score, 0.58393 EPSS
Exploits 23, References 3
seebug.org
added 2017/04/17 12:0 a.m. (48 views)

VirtualBox: cooperating VMs can escape from shared folder (CVE-2017-3538)

There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole filesystem of the host, at least on Linux hosts. The issue is that, when the host checks whether a given path escapes the root...

6.3 CVSS, 7.5 AI score, 0.0004 EPSS
Exploits 1
myhack58
added 2017/04/17 12:0 a.m. (47 views)

For cross-browser local file disclosure vulnerability analysis - vulnerability warning - the black bar safety net

Foreword: Did you know that you can easily turn an ordinary file selector into a folder picker? To do this, simply add the attribute "webkitdirectory" to the given input element of type='file'. Of course, with the folder selector is different, eventually you will load a given folder all...

6.9 AI score, 0.0013 EPSS
Exploits 1
seebug.org
added 2017/04/15 12:0 a.m. (56 views)

Mozilla Firefox webkitdirectory local files disclosure (CVE-2017-5414)

I have reported three different bugs to Mozilla in the webkitdirectory feature. Luckily the folder picker was only implemented in Mozilla's Nightly browser, which is meant to test out new features before landing in the stable version. Bug 1295914 - webkitdirectory could be used to trick users into...

7.6 AI score, 0.0013 EPSS
Exploits 1
Hacker One
added 2017/04/13 9:56 p.m. (32 views)

Open-Xchange: Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation)

Hi Team, Description: Read only user of calendar folder shouldn't be able to access any private appointments. I have found a move calendar folder request which is working for read only user. Once the attacker moves the appointment to his folder, then he can access private appointments. Vulnerable HTTP...

0.3 AI score
Exploits 0
Hacker One
added 2017/04/13 9:2 p.m. (11 views)

Open-Xchange: Unauthorized access to attachments details of Private Calendar appointments (Access control issue)

Hi Team, Description: In calendar folder there is a permission setting where a user can be assigned as read only user of its own objects. A user with this permission shouldn't be able to view private appointments and their attachments. There is a request for getting attachment details from server...

0.2 AI score
Exploits 0
Packet Storm
added 2017/04/13 12:0 a.m. (49 views)

Solaris x86 / SPARC EXTREMEPARR dtappgather Privilege Escalation

!/bin/ksh Exploit PoC reverse engineered from EXTREMEPARR which provides local root on Solaris 7 - 11 x86 & SPARC. Uses an environment variable of setuid binary dtappgather to manipulate file permissions and create a user owned directory anywhere on the system as root. Can then add a shared object...

0.3 AI score
Exploits 0
Exploit DB
added 2017/04/12 12:0 a.m. (66 views)

Solaris 7 < 11 (SPARC/x86) - 'EXTREMEPARR' dtappgather Privilege Escalation

!/bin/ksh Exploit PoC reverse engineered from EXTREMEPARR which provides local root on Solaris 7 - 11 x86 & SPARC. Uses an environment variable of setuid binary dtappgather to manipulate file permissions and create a user owned directory anywhere on the system as root. Can then add a shared object...

7.4 AI score
Exploits 0
CNVD
added 2017/04/11 12:0 a.m. (2 views)

Nextcloud Unauthorized Folder Creation Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. An out-of-authority folder creation vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to...

4.3 CVSS, 6.8 AI score, 0.00099 EPSS
Exploits 0, References 1