CVE-2021-25382

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command...

CVE-2021-25364

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information...

CVE-2021-24919

The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folderid parameter before using it in a SQL statement in the wickedfolderssavesortorder AJAX action, available to any authenticated user. leading to an SQL injection...

CVE-2020-29189

Incorrect Access Control vulnerability in TerraMaster TOS = 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS...

CVE-2020-5195

Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folderup.png IMG element not properly sanitizing user-inserted directory...

CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...

CVE-2020-6954

An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a mediafolder.cgi?applymode=pingserver URI...

CVE-2020-11595

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

CVE-2020-11613

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can...

CVE-2020-0864

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0865, CVE-2020-0866,...

CVE-2020-0800

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866,...

CVE-2020-5896

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions...

CVE-2020-1094

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'...

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

CVE-2020-3961

VMware Horizon Client for Windows prior to 5.4.3 contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user...

CVE-2020-23864

An issue exits in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder...

CVE-2020-25873

A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter...

CVE-2020-26606

An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 October 2020...

CVE-2020-11601

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 April 2020...

CVE-2020-11606

An issue was discovered on Samsung mobile devices with Q10.0 software. Information about application preview in the Secure Folder leaks on a locked device. The Samsung ID is SVE-2019-16463 April 2020...