CVE-2023-31403 Improper Access Control vulnerability in SAP Business One product installation
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation...
Microsoft Windows Compressed Folder Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Compressed Folder. An attacker could exploit this vulnerability to remotely execute code. The following products and versions are...
PT-2023-23298 · Sap · Sap Business One
Name of the Vulnerable Software and Affected Versions: SAP Business One version 10.0 Description: The SAP Business One installation does not perform proper authentication and authorization checks for SMB shared folders. This allows any malicious user to read and write to the SMB shared folder...
Nextcloud: Can download files by zipping the folder
A vulnerability was identified where files could be downloaded without proper permissions by zipping and downloading a folder, despite not having direct download access. This allowed circumvention of view-only restrictions...
Fedora: Security Advisory (FEDORA-2023-735ee6d4e1)
The remote host is missing an update for the...
The software for remote control of computers with Intel vPro processors is vulnerable due to a misconfiguration in the link that is accessed before accessing the file. This allows a malicious user to delete any folder they choose.
The vulnerability of the software for remote control of computers with Intel vPro processors in Dell Command Intel vPro Out of Band mode is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow a malicious individual to delete any...
CVE-2023-37243
The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible t...
CVE-2023-37243
The vulnerability CVE-2023-37243 concerns the Windows Atera Agent Package Availability (Agent.Package.Availability.exe). The executable is launched with SYSTEM privileges at reboot, and its folder (C:\Windows\Temp\Agent.Package.Availability) inherits permissions from C:\Windows\Temp; this enables...
Dropbox Folder Share <= 1.9.7 - Unauthenticated Remote Code Execution via LFI
Description The plugin does not validate the path and name of a file before including it, allowing unauthenticated visitors to include and execute arbitrary php files on the server, leading to remote code execution...
Design/Logic Flaw
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context...
CVE-2021-26734 Junction Delete leading to elevation of privilege
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context...
Zscaler Client Connector Backlink Vulnerability
Zscaler Client Connector is an application from Zscaler that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...
PT-2023-21973 · Zscaler · Zscaler Client Connector For Windows
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector for Windows versions prior to 4.1 Description: The issue allows a malicious user to execute code as a privileged user by replacing a folder where the Zscaler Client Connector for Windows writes or deletes a...
OESA-2023-1744 libcue security update
Libcue is intended for parsing a so-called cue sheet from a char string or a file pointer. For handling of the parsed data a convenient API is available. Security Fixes: libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bound...
CVE-2023-4488
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
Design/Logic Flaw
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
CVE-2023-4488 Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
CVE-2023-4488
CVE-2023-4488 refers to the Dropbox Folder Share for WordPress. Connected sources confirm an unauthenticated Local File Inclusion (LFI) via editor-view.php affecting versions up to and including 1.9.7, enabling attackers to include/execute arbitrary PHP files on the server. Impact statements indi...