5048 matches found
CVE-2019-10679
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILESX86%\Thomson Reuters\Eikon permissions...
BarracudaDrive v6.5 - Insecure Folder Permissions
Exploit Title: BarracudaDrive v6.5 - Insecure Folder Permissions; Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec; CVE ID: N/A; Date: 2020-09-01; Vendor Homepage: https://barracudaserver.com/; Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html; Version: v6.5; Tested...
GHSA-8HQ2-FCQM-39HQ Malicious Package in rimrafall
Version 1.0.0 of rimrafall contains malicious code as a preinstall script. The package attempts to remove all files in the system's root folder. Recommendation: If you installed this package it is likely your machine was erased. If not, remove the package from your system and verify if any files...
CVE-2020-24955
SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as...
CVE-2020-24559
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...
CVE-2020-24557
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first...
Trend Micro Apex One elevation of privilege vulnerability (CNVD-2020-52195)
Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An elevation of privilege vulnerability exists in the logic that controls access to the Misc folder in th...
CVE-2020-12644
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API...
Server side request forgery (ssrf)
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API...
CVE-2020-12644
CVE-2020-12644 affects OX App Suite 7.10.3 and earlier. The issue is a server-side request forgery (SSRF) related to the mail account API and the /folder/list endpoint, enabling network access from the vulnerable system. CVSS data indicates a Network attack vector with Low complexity and Privileg...
Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ApexOne...
Information Disclosure
jenkins-jira-plugin is vulnerable to information disclosure. The scope for per-folder Jira site definitions is not properly declared, allowing users to select and use credentials with System scope...
A vulnerability in the “Public Account Pictures” component of Windows operating systems allows an attacker to execute arbitrary code with elevated privileges.
A vulnerability in the “Public Account Pictures” component of Windows operating systems is related to errors in handling transitions between folders. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges by running a specially created program...
A vulnerability in the Work Folder Service of Windows operating systems arises from improper handling of file operations, which allows attackers to elevate their privileges.
A vulnerability in the Work Folder Service of Windows operating systems is related to improper handling of file operations. Exploiting this vulnerability can allow a remote attacker to increase their privileges by running a specially created application...
jenkins-jira-plugin: plugin information disclosure
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...
A vulnerability in the Windows operating system's folder service allows an attacker to increase their privileges.
A vulnerability in the Windows operating system's folder service is related to errors in file handling operations. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Denial Of Service (DoS)
chrony is vulnerable to denial of service (DoS). A flaw was found in chrony versions before 3.5.1 in how the PID file is created under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writin...