5048 matches found
NCH IVM Attendant Code Issue Vulnerability
NCH IVM Attendant is a complete voicemail, call attendant, and IVR solution for Windows. A security vulnerability exists in NCH IVM Attendant, which stems from the fact that if the pathname of a ZIP element is set to the Windows startup folder, a file with a built-in Out-Going Message function, or...
SUSE-SU-2021:2458-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links fixed: Folder Pane display theme fixes for macOS fixed: Chat account settings did not always save as...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:2458-1 Rating: important References: 1188275 Cross-References: CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 CVSS scores: CVE-2021-29969 SUSE: 7.5...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description In this directory "https://demo.dolibarr.org/ecm/index.php?mainmenu=ecm&leftmenu=ecm&idmenu=167162" the attacker can perform a CSRF attack to remove any folders. In this directory the application takes a parameter named "token" and I set the "token" parameter value to nothing like...
CVE-2020-25593
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions...
Privilege escalation
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions...
CVE-2020-15496
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions...
Privilege escalation
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions...
CVE-2020-15496
Affected product: Acronis True Image for Mac prior to 2021 Update 4. Issue: local privilege escalation caused by insecure folder permissions in the product. Root cause: insecure permissions enabling a local attacker with low privileges to elevate to higher privileges. Impact: per CVSS metrics, hi...
MagicMotion Flamingo Security Vulnerability
MagicMotion Flamingo is a wearable vibrator from the Chinese company MagicMotion. The MagicMotion Flamingo 2 suffers from a security vulnerability that originates when the MagicMotion Flamingo 2 app for Android stores data on the sdcard under com.vt.magicmotion/files/Pictures. An attacker can...
Acronis True Image Security Vulnerability
Acronis True Image is a famous data backup and restore software from Acronis Singapore. The software can be used to create drive and disk images and can restore the image when a clean system is needed. Acronis True Image suffers from a security vulnerability that stems from insecure folder...
Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows
Complete Arsenal of Memory injection and other techniques for red-teaming in Windows What does Injector do? Process injection support for shellcode located at remote server as well as local storage. Just specify the shellcode file and it will do the rest. It will by default inject into notepad.ex...
CVE-2021-30117
The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1' HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...
WordPress Media File Organizer plugin directory traversal vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A directory traversal vulnerability exists in version 1.0.1 of the Media File Organizer plugin for...
MDT AutoSave Information Disclosure Vulnerability
MDT AutoSave is a software application. It provides an automated change management function. An information disclosure vulnerability exists in MDT AutoSave, which stems from the lack of security restrictions on the working directory, and allows an attacker to obtain information about a temporary...
CVE-2020-24143
Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...
CVE-2020-24144
Directory traversal in the Media File Organizer aka media-file-organizer plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation...