5019 matches found
Nextcloud: Share owner has no possibility to list all existing derived shares
Hi, I found a bug where a shared link of a particular file can disclose all files of that folder. Steps to reproduce + Make a group http:///nextcloud/index.php/settings/users and a standard user in it. + Now go to any folder and change it to gallery view F99993 + Invite that group which you made in st...
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
Exploit for windows platform in category local exploits. Exploit Title: Riot Games League of Legends Insecure File Permissions Privilege Escalation Date: 03/06/16 Exploit Author: Cyril Vallicari I give credit also...
mod fancy tag cloud,1.017,Other
mod fancy tag cloud comofflajninstaller,1.017,Other resolution: update to version 1.020 update notice: http://fancytagcloud.demo.offlajn.com/index.php/security-update existing users may also need to fix folder permissions, please contact the developer for further information...
VirIT Explorer Lite / Pro 8.1.68 Privilege Escalation
/ Full title: VirIT Explorer Lite & Pro v.8.1.68 Local Privilege Escalation System/Arbitrary Code Execution Exploit Author: Paolo Stagno - [email protected] Vendor Homepage: http://www.tgsoft.it Version: VirIT Explorer Lite & Pro v.8.1.68 Tested on: Windows 7 CVE: TBD CVSS v2: 6.8...
LebiShop Mall Backend Catalog Traversal Vulnerability
LebiShop mall system is an online mall system using ASP.NET language. The system is widely used in small and medium-sized e-commerce enterprises. The mall system's management background provides a system template management function, the function in the system template to browse files related to...
[SECURITY] Fedora 24 Update: roundcubemail-1.1.5-1.fc24
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
SSL Validation Defaults to False
Overview: Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle (MITM) attack on the install process, intercepting the step where...
MS16-044: Security update for Windows OLE: April 12, 2016
MS16-044: Security update for Windows OLE: April 12, 2016 Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...
CVE-2016-0711
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource...
Folder Player - Dangerous filesystem permissions, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Folder Player published at the 'play' market has multiple vulnerabilities...
Music Folder Player Free - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Music Folder Player Free published at the 'play' market has multiple vulnerabilities...
Siemens APOGEE Insight Information Disclosure Vulnerability
Siemens APOGEE Insight is a building automation control system from Siemens, Germany. A security vulnerability exists in Siemens APOGEE Insight, which originates when the program assigns weak privileges to the application folder. A local attacker could exploit the vulnerability to obtain sensitiv...
WordPress CIP4 Folder Download 1.10 Local File Inclusion Vulnerability
No description provided by source...
Xero: stored xss issue in folder name on go.xero.com/Docs/Folders
A client-side validation bypass issue was reported, which allowed XSS characters to be used for naming folders in https://go.xero.com. This provided an XSS attack vector against users of an Organization. A malicious, authenticated insider within an organisation may have used this attack vector to...
openSUSE Security Update : MozillaThunderbird (openSUSE-2016-222)
This update to Mozilla Thunderbird 38.6.0 fixes the following issues (boo#963520): - CVE-2016-1930: Miscellaneous memory safety hazards (boo#963632) - CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (boo#963635) The following upstream fixes are included: - Filters ran on a different...
CVE-2016-0955
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog...
FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow
Exploit for windows platform in category local exploits. Exploit Title: FTPShell Client Add New Folder Local Buffer Overflow Date: 2/2/2016 Exploit Author: Arash Khazaei Vendor Homepage: www.ftpshell.com Software Link: http://www.ftpshell.com/download.htm Version...
OpenXchange User Enumeration
Hi @all, there is an information disclosure in OpenXchange prior to 7.8. An authenticated user can enumerate all imap user folders. If you browse the PoC you get a permission denied error, but the folder's name is reflected into the page in json format. About Open Xchange: Open-Xchange2 develops,...