CVE-2020-13953
In Apache Tapestry from 5.4.0 to 5.5.0, by crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run...
CVE-2020-21244
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty a folder via admin/instlang.php...
ActFax Privilege Control Vulnerability
ActFax is fax server software from the Austrian company ActiveFax. It turns your computer into a virtual fax machine, handles the transmission of fax and email from Windows and UNIX applications, and is suitable for networks of all sizes as well as stand-alone use. A security vulnerability exists in ActFax...
CVE-2020-15843
ActFax Version 7.10 Build 0335 2020-05-25 is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal. The folder permissions allow "Full Control" to...
Privilege escalation
ActFax Version 7.10 Build 0335 2020-05-25 is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal. The folder permissions allow "Full Control" to...
CVE-2020-15843
ActFax Version 7.10 Build 0335 (2020-05-25) is affected by a privilege-escalation vulnerability caused by insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install, and %PROGRAMFILES%\ActiveFax\Terminal. The permissions grant Full Control to Everyone, enabli...
Exploit for CVE-2020-1472
CVE-2020-1472 CVE 2020-1472 Validation script Assumption:...
Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content
The coditorprocessajax AJAX call is missing any CSRF and authorisation checks, allowing low-privilege users (subscriber+) to read and edit any files in the wp-content folder, as well as list its content. PoC: The PoC will be displayed once the issue has been remediated...
WordPress JobMonster premium theme <= 4.6.6 - Directory Listing in Upload Folder vulnerability
Directory Listing in Upload Folder vulnerability found by Daniel Ruf in WordPress JobMonster premium theme versions <= 4.6.6. Solution: Update the WordPress JobMonster premium theme to the latest available version (at least 4.6.6.1)...
JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...
SCADAPack Remote Connect Authorization Issues Vulnerability
SCADAPack is a Schneider Electric intelligent field controller that combines the monitoring and communication capabilities of a Remote Terminal Unit (RTU) with the processing and data logging capabilities of a Programmable Logic Controller (PLC) to provide superior functionality for remote processes...
McAfee MVISION Endpoint Access Control Error Vulnerability
McAfee MVISION Endpoint is a set of endpoint security protection software from the U.S. company McAfee. The software provides enhanced threat detection and correction for Windows systems. An access control error vulnerability exists in McAfee MVISION Endpoint for Windows before version 20.9. The...
McAfee Agent Elevation of Privilege Vulnerability
McAfee Agent (MA) is a set of client components from McAfee, Inc. that provides secure communications between the ePolicy Orchestrator antivirus management platform and managed products. An elevation of privilege vulnerability exists in McAfee Agent. The vulnerability stems from an incorrect programmat...
CVE-2020-7324
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions...
CVE-2020-7324 Improper Access Control vulnerability in MVISION Endpoint
Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions...
A vulnerability in the Work Folder Service in Windows operating systems allows an attacker to escalate their privileges.
The vulnerability in the Work Folder Service in Windows operating systems is related to improper handling of file operations. Exploiting this vulnerability can allow an attacker to escalate their privileges through a specially crafted application...
BarracudaDrive v6.5 - Insecure Folder Permissions Vulnerability
Exploit Title: BarracudaDrive v6.5 - Insecure Folder Permissions; Exploit Author: Bobby Cooke (boku) & Adeeb Shah (@hyd3sec); Vendor Homepage: https://barracudaserver.com/; Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html; Version: v6.5; Tested On: Windows 10 Pro; CVSS Base...
GHSA-G9WF-393Q-4W38 Malicious Package in only-test-not-install
All versions of only-test-not-install contain malicious code. The package deletes the folder /test from the system as a postinstall script. Recommendation: Remove the package from your environment. There are no further signs of compromise...