Information disclosure

Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action...

CVE-2021-25391

Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action...

CVE-2021-25391

CVE-2021-25391 is an Intent redirection vulnerability in Samsung Secure Folder prior to SMR MAY-2021 Release 1. The issue allows an attacker to execute a privileged action through intent redirection. Affected: Secure Folder component on Samsung devices; impact per CVSSv3.1: base score 4.0 (MEDIUM...

Samsung SMR 安全漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in SMR MAY-2021 Release 1, which stems from a redirection vulnerability in the application's secure folder that allows an attacker to perform a...

CVE-2021-31839 Incorrect permissions on McAfee Agent for Windows event folder

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server...

CVE-2021-23022

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Design/Logic Flaw

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2021-23022

CVE-2021-23022 affects the BIG-IP Edge Client for Windows: the Windows Installer Service temporary folder has weak permissions, enabling local privilege escalation. Affected versions are 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1; non-vulnerable/End of Technical Support versions are...

PT-2021-19541 · Mcafee · Mcafee Agent For Windows

Name of the Vulnerable Software and Affected Versions: McAfee Agent for Windows versions prior to 5.7.3 Description: The issue is related to improper privilege management, allowing a local user to modify event information in the MA event folder. This enables the user to add false events or remove...

Advantech WebAccess Node has a Logic Flaw Vulnerability

Advantech WebAccess Node is a software for monitoring PLCs and other devices from Advantech in Taiwan, China. The product can realize real-time control of equipment status by monitoring PLC and other devices. A logic flaw vulnerability exists in Advantech WebAccess Node. An attacker can exploit...

CVE-2020-9452

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine...

FusionPBX Path Traversal Vulnerability (CNVD-2021-36593)

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. FusionPBX 4.5.7 suffers from a path traversal vulnerability that allows remote malicious...

Directory traversal

Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php...

Directory traversal

A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the 1 folder, 2 filename, and 3 newfilename variables in app\edit\filerename.php...

CVE-2020-21057

Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php...

FusionPBX 路径遍历漏洞

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A security vulnerability exists in FusionPBX 4.5.7 that allows a remote malicious user to...

openSUSE Security Update : syncthing (openSUSE-2021-688)

"This update for syncthing fixes the following issues : Update to 1.15.0/1.15.1 - This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages CVE-2021-21404 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

CVE-2021-28649

An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a...

Ivanti Avalanche目录遍历漏洞

SSD Advisory – Ivanti Avalanche Directory Traversal May 11, 2021 SSD Disclosure / Technical Lead Uncategorized TL;DR Find out how a directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the ‘image’ folder. Vulnerability Summar...

CVE-2021-27613

SAP Business One Chef cookbook (versions 9.2, 9.3, 10.0) contains an information-disclosure vulnerability related to an insecure temporary folder used for payroll data. The issue could allow access to restricted information, impacting confidentiality, integrity, and availability. The connected do...