Nextcloud Information Disclosure Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An information disclosure vulnerability exists in Nextcloud Server versions prior to 9.0.55 and 10.0.2. The vulnerabili...

Open-Xchange: Resend invitation to members by Read only user(Privilege Escalation)

Hi Team, Description : ViewerRead only user of any entityEx: Address book, Folder etc. doesn't have access to permission section. This user can't make any action in permission/Invite people section. But Resending invitation HTTP request is vulnerable and it doesn't check whether the user is Owner...

CVE-2017-0884

CVE-2017-0884 affects Nextcloud Server prior to versions 9.0.55 and 10.0.2 . A logical error in the file caching layer allows an authenticated attacker who has at least read-only permissions to create empty folders inside a shared folder, i.e., a creation of folders in read-only folders despite l...

CVE-2017-0884

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects...

Oracle VM VirtualBox 5.0.x < 5.0.34 / 5.1.x < 5.1.16 Shared Folder Implementation Information Disclosure

The version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.34 or 5.1.x prior to 5.1.16. It is, therefore, affected by an information disclosure vulnerability within the shared folder implementation, specifically in the vbsfPathCheckRootEscape function, that permits...

The vulnerability of the Skype instant messaging program allows a hacker to execute arbitrary code.

The vulnerability of the Skype instant messaging program is related to the limitation on the download of external libraries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted library named api-ms-win-core-winrt-string-l1-1-0.dll, which is...

Draft folder emails in Secure Mail not syncing with MS Exchange

Q: Users create drafts in Secure Mail but these do not get synced with MS Exchange and viewable in Outlook. After repeated attempts to amend and save the draft it will be deleted without being synced. Is this a known issue? A: With regard to the Draft folder syncing, there are limitation regardin...

Updated virtualbox packages fixes security vulnerabilities

This update provides virtualbox 5.1.18 maintenance release and resolves at least the following security issues: A vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read access to a...

Leakage Of File And Folder Information

hive-exec is vulnerable to the leakage of file and folder information. The file and folder information is being logged when a query is canceled and the thread is interrupted...

The Network Connections folder in Windows is empty

The "Network Connections" folder in Windows is empty...

VirtualBox - Cooperating VMs can Escape from Shared Folder Exploit

Exploit for linux platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole...

Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder

Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to t...

Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to the whole filesystem of the host, at least on Linux hosts. The issue i...

cgPwn - Cyber Grand Pwnage Box

A lightweight VM for hardware hacking, RE fuzzing, symEx, exploiting etc and wargaming tasks. This is a Ubuntu VM tailored for hardware hacking, RE and Wargaming. Tools included Pwndbg Pwntools Binwalk Radare2 Capstone, Unicorn and Keystone Engines Qira Timeless Debugger AFL Valgrind , VGdb...

Local Buffer Overflow Vulnerability Exists in AuxCom

HelpEIM WinEIM is an enterprise instant messaging software. A local buffer overflow vulnerability exists in the folder handling in the WinEIM software client, which can lead to arbitrary code execution if an attacker disguises a malformed folder and tempts the user to parse it e.g., tricking the...

Memory Corruption Vulnerability in Auxiliary Communication

HelpEIM WinEIM is an enterprise instant messaging software. A memory corruption vulnerability exists in the handling of folder transfers within the WinEIM software client, which allows an attacker to cause a remote program to crash by constructing a malformed folder that, if successfully exploite...

Cybozu Garoon fails to restrict access permission in the mail function

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the mail function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may alter the order of the mail folders. Solution...

openSUSE Security Update : virtualbox (openSUSE-2017-203)

This update for virtualbox to version 5.1.14 fixes the following issues : These security issues were fixed : - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read...

openSUSE Security Update : virtualbox (openSUSE-2017-178)

This update for virtualbox to version 5.0.32 fixes the following issues : These security issues were fixed : - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read...

CVE-2017-3290

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wher...