5048 matches found

OSV
added 2021/10/07 1:15 a.m., 13 views

CVE-2021-26557

When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...

7.8 CVSS, 7 AI score
Exploits 0, References 1

NVD
added 2021/10/07 1:15 a.m., 17 views

CVE-2021-26556

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...

7.8 CVSS, 0.00254 EPSS
Exploits 0, References 1

NVD
added 2021/10/07 1:15 a.m., 12 views

CVE-2021-26557

When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...

7.8 CVSS, 0.00313 EPSS
Exploits 0, References 1

Prion
added 2021/10/07 1:15 a.m., 17 views

Design/Logic Flaw

When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...

4.4 CVSS, 7.6 AI score, 0.00313 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2021/10/07 1:15 a.m., 15 views

Design/Logic Flaw

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...

4.4 CVSS, 7.6 AI score, 0.00254 EPSS
Exploits 0, References 1, Affected Software 2

CVE
added 2021/10/07 1:0 a.m., 44 views

CVE-2021-26557

CVE-2021-26557 affects Octopus Tentacle when installed to a custom folder where folder ACLs are not set correctly. This misconfiguration can allow an unprivileged user to use DLL side-loading to gain privileged access, resulting in a local privilege escalation. The NVD data cites local attack vec...

7.8 CVSS, 7.6 AI score, 0.00313 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/10/07 1:0 a.m., 13 views

CVE-2021-26556

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...

7.9 AI score, 0.00254 EPSS
Exploits 0, References 1

CVE
added 2021/10/07 1:0 a.m., 46 views

CVE-2021-26556

CVE-2021-26556 affects Octopus Server when installed in a custom folder location. The root cause is improper ACL configuration on the installation folder, enabling a DLL side-loading path for an unprivileged user to escalate to privileged access. The connected sources confirm the presence of a lo...

7.8 CVSS, 7.6 AI score, 0.00254 EPSS
Exploits 0, References 1, Affected Software 2

CNNVD
added 2021/10/07 12:0 a.m., 3 views

Octopus Tentacle code issue vulnerability

Octopus Server is an automated deployment platform. Octopus Tentacle has a security vulnerability that could result in unprivileged users gaining privileged access when Octopus Tentacle is installed using a custom folder location...

7.8 CVSS, 7.3 AI score, 0.00313 EPSS
Exploits 0, References 2

CNNVD
added 2021/10/07 12:0 a.m., 2 views

Octopus Server code issue vulnerability

Octopus Server is an automated deployment platform. Octopus Server has a security vulnerability that could result in non-privileged users gaining privileged access when Octopus Server is installed using a custom folder location...

7.8 CVSS, 7.3 AI score, 0.00254 EPSS
Exploits 0, References 2

OSV
added 2021/09/27 2:15 p.m., 1 views

CVE-2021-34413

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use TOC/TOU vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the...

7.5 CVSS, 5.9 AI score, 0.00566 EPSS
Exploits 0, References 1

CNNVD
added 2021/09/27 12:0 a.m., 2 views

Asus Rog Armory Crate code issue vulnerability

Asus Rog Armory Crate is a one-stop application from Asus China Inc. for connecting, configuring and controlling a vast array of Rog gaming products. A security vulnerability exists in Asus Rog Armory Crate Lite versions prior to 4.2.10, which stems from the software previously allowing local use...

7.3 CVSS, 7.3 AI score, 0.00387 EPSS
Exploits 1, References 1

CNNVD
added 2021/09/17 12:0 a.m., 3 views

McAfee Endpoint Security link following vulnerability

McAfee Endpoint Security (ENS) is a framework from the U.S. company McAfee that provides intelligent collaboration and advanced threat defense. The framework supports control of the entire threat defense lifecycle for real-time communications and actionable threat forensics, among other...

7.8 CVSS, 7.4 AI score, 0.00299 EPSS
Exploits 0, References 4

Prion
added 2021/09/15 2:15 p.m., 12 views

Improper access control

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...

4 CVSS, 6.3 AI score, 0.01848 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2021/09/15 1:52 p.m., 17 views

CVE-2020-19146

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinalcms/admin/folder/list'...

6.4 AI score, 0.01848 EPSS
Exploits 1, References 1

CNNVD
added 2021/09/15 12:0 a.m., 2 views

Jfinal CMS path traversal vulnerability

Jfinal CMS is a powerful information consulting website developed in java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions have improper access control vulnerabilities. A...

6.5 CVSS, 5.7 AI score, 0.01848 EPSS
Exploits 1, References 2

Tenable Nessus
added 2021/09/15 12:0 a.m., 45 views

openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1255-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1255-1 advisory. - Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud...

10 CVSS, 6.7 AI score, 0.02521 EPSS
Exploits 0, References 10

Hacker One
added 2021/09/12 10:40 a.m., 36 views

Nextcloud: Folder architecture and Filesizes of private file drop shares can be getten

Steps To Reproduce: 1. Create a new Folder "TestABC" 2. Share a password protected link of this folder 3. Create a file "README.md" and a file "README.md" in the Subfolder "Subfolder". == curl -H "OCS-APIREQUEST: true" "http://localhost/ocs/v2.php/apps/text/public/workspace?shareToken=ABCDE12345"...

4.3 CVSS, 5.6 AI score, 0.00758 EPSS
Exploits 0

CNVD
added 2021/09/10 12:0 a.m., 21 views

Nextcloud has an unspecified vulnerability (CNVD-2022-18419)

Nextcloud Text is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. Nextcloud Text has a security vulnerability that could be exploited by attackers to enumerate folders in such shares...

5.3 CVSS, 2.8 AI score, 0.013 EPSS
Exploits 0, References 1

OSV
added 2021/09/07 9:15 p.m., 21 views

CVE-2021-32766

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...

5.3 CVSS, 6.4 AI score
Exploits 0, References 3