5046 matches found
CVE-2022-45452
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent Windows before build 30430, Acronis Cyber Protect 15 Windows before build 30984...
Privilege escalation
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent Windows before build 30430, Acronis Cyber Protect 15 Windows before build 30984...
CVE-2022-45452
CVE-2022-45452 affects Acronis Agent (Windows) before build 30430 and Acronis Cyber Protect 15 (Windows) before build 30984. The root cause is insecure folder permissions enabling local privilege escalation. The issue is documented with explicit vulnerable products/versions and remediation guidan...
CVE-2022-45452
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent Windows before build 30430, Acronis Cyber Protect 15 Windows before build 30984...
CVE-2022-45452
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent Windows before build 30430, Acronis Cyber Protect 15 Windows before build 30984...
Acronis Agent and Acronis Cyber Protect Security Vulnerability
Acronis Agent and Acronis Cyber Protect are both products of Acronis Singapore. Acronis Agent is an agent software. Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise. Combining backup, anti-malware, network security, and endpoint management capabilities su...
Delta Electronics InfraSuite Device Master Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Delta Electronics InfraSuite Device Master. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Ghost Directory Traversal Vulnerability
Ghost is an open source content management system. Ghost suffers from a directory traversal vulnerability that stems from a lack of validity checking of paths in frontend/web/middleware/static-theme.js when processing directory requests, which can be exploited by an attacker to read arbitrary...
Schweitzer Engineering Laboratories Real Time Automation Controller Path Traversal Vulnerability
Schweitzer Engineering Laboratories Real Time Automation Controller (SEL RTAC) is a powerful and versatile automation platform from Schweitzer Engineering Laboratories. A path traversal vulnerability exists in the Schweitzer Engineering Laboratories Real Time Automation Controller, which stems from...
PT-2023-20355 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: teampass versions prior to 3.0.7 Description: The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. In the GitHub repository nilsteampassnet/teampass, if two users have the sa...
Stored XSS on items in Folder in nilsteampassnet/teampass lead to ATO
Description Stored XSS on items in Folder in nilsteampassnet/teampass lead to ATO Proof of Concept POC on my Drive video: https://drive.google.com/file/d/1OsksHJxcaNNABIoabLAwAKCu37S2VyT/view?usp=sharing...
Stored HTML injection in folderName affecting Admin
Description Here FolderName field is vulnerable to HTML injection, a malicious user could potentially rename a folder with a payload containing malicious code. This could result in an attack on the admin who edits the folder, as the payload could execute upon the admin's interaction with the...
Stored HTML Injection in Item Label
Description If two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. Proof of Concept...
Cross Site Scripting in nilsteampassnet/teampass
nilsteampassnet/teampass prior to version 3.0.7 is vulnerable to cross-site scripting (XSS) from item names within a folder...
CVE-2023-28068
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a...
CVE-2023-28068
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a...
Design/Logic Flaw
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a...
CVE-2023-28068
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a...
CVE-2023-28068
The Dell Command Monitor vulnerability CVE-2023-28068 affects version 10.9 and earlier. The root cause is improper folder permission management, which can allow a local authenticated attacker to escalate privileges by writing to a protected directory when the software is instal...
CVE-2023-28068
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a...