5048 matches found
Micro Focus Operations Bridge Manager Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus Operations Bridge Manager Local Privilege Escalation', 'Description' = %q This module exploits an incorrectly permissioned folder in...
CVE-2020-28392
A vulnerability has been identified in SIMARIS configuration All versions V4.0.1. During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges shoul...
Default configuration
A vulnerability has been identified in SIMARIS configuration All versions V4.0.1. During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges shoul...
CVE-2021-3394
Millennium Millewin, also known as "Cartella clinica", 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user to perform a local privilege escalation...
Privilege escalation
Millennium Millewin, also known as "Cartella clinica", 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user to perform a local privilege escalation...
CVE-2021-3394
CVE-2021-3394 affects Millennium Millewin (Cartella clinica) versions 13.39.028, 13.39.28.3342 and 13.39.146.1. The issue is caused by insecure folder permissions, enabling a local attacker to escalate privileges, with the related risk class corroborated by unquoted service path conditions noted ...
Owncloud Security Vulnerability
ownCloud is a personal cloud storage solution from the American company ownCloud. A security vulnerability exists in versions of ownCloud prior to 0.15.2, which originates when a user creates a public link to a folder where an anonymous user uploads a file, and another...
Digital Publications by Supsystic < 1.6.12 - Authenticated Path Traversal
The "Folder" tab under "Publications" is vulnerable to path traversal and exposes limited information; for example, the user can gain information regarding images stored outside of the WordPress blog, i.e., home directories. Enter the following payload into the "Folder" input field of a...
Digital Publications by Supsystic < 1.6.12 - Authenticated Path Traversal
The "Folder" tab under "Publications" is vulnerable to path traversal and exposes limited information; for example, the user can gain information regarding images stored outside of the WordPress blog, i.e., home directories. PoC: Enter the following payload into the "Folder" input field of a...
Trojan-Spy.Win32.WebCenter.a Information Disclosure
Discovery / credits: Malvuln - malvuln.com (c) 2021. Original source: https://malvuln.com/advisory/e3cf225a94c6be5a26fc21a1ec83f418.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Trojan-Spy.Win32.WebCenter.a. Vulnerability: Information Disclosure. Description: The trojan creates a...
Millewin 13.39.146.1 - Local Privilege Escalation Vulnerability
Exploit Title: Millewin 13.39.146.1 - Local Privilege Escalation Author: Andrea Intilangelo Vendor Homepage: https://www.millewin.it Software Homepage: https://www.millewin.it/index.php/prodotti/millewin Software Link: https://download.millewin.it/files/Millewin/setup/InstMilleDemo13.392019PS.exe...
Luxion KeyShot Path Traversal Vulnerability
Luxion KeyShot is software from Luxion USA for designing photos of 3D scenes. The software enables a real-time 3D rendering workflow that displays results immediately and reduces the time required to create photorealistic product photos. A path traversal vulnerability exists in the Luxion KeySh...
CVE-2020-29582
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions...
Code injection
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions...
CVE-2020-29582
CVE-2020-29582: In JetBrains Kotlin prior to 1.4.21, a vulnerable Java API was used for temporary file and folder creation, enabling an attacker to read data from those files and list directories due to insecure permissions. Affected product: Kotlin/JetBrains Kotlin (pre-1.4.21). Root cause: ins...
(0Day) Microsoft Windows PowerShell Shell Handler Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the shell handle...