
5056 matches found

Tenable Nessus
added 2020/06/19 12:0 a.m. | 107 views

Microsoft IIS Tilde Character Short File/Folder Name Disclosure

Microsoft Internet Information Server (IIS) suffers from a vulnerability which allows the detection of short names of files and directories which have an equivalent in the 8.3 version of the file naming scheme. By crafting specific requests containing the tilde '~' character, an attacker could...

6.8 AI score
Exploits: 0 | References: 4
OSV
added 2020/06/15 4:15 p.m. | 4 views

CVE-2020-3961

VMware Horizon Client for Windows prior to 5.4.3 contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user...

7.8 CVSS | 7.2 AI score
Exploits: 0 | References: 1
NVD
added 2020/06/15 4:15 p.m. | 14 views

CVE-2020-3961

VMware Horizon Client for Windows prior to 5.4.3 contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user...

7.8 CVSS | 0.00372 EPSS
Exploits: 0 | References: 1
Prion
added 2020/06/15 4:15 p.m. | 21 views

Privilege escalation

VMware Horizon Client for Windows prior to 5.4.3 contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user...

4.6 CVSS | 7.8 AI score | 0.00372 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2020/06/15 3:18 p.m. | 180 views

CVE-2020-3961

CVE-2020-3961 affects VMware Horizon Client for Windows (before 5.4.3). The root cause is a privilege-escalation flaw caused by folder permission configuration and unsafe loading of libraries, enabling a local user to execute commands with higher privileges. Multiple sources confirm the vulnerabl...

7.8 CVSS | 7.8 AI score | 0.00372 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2020/06/15 6:12 a.m. | 24 views

Cross-Site Scripting (XSS)

WordPress is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the failure to sanitize the name of the theme folder in /wp-admin on the themes page when the admin uploads the theme...

2.4 CVSS | 1.1 AI score | 0.02805 EPSS
Exploits: 0 | References: 10 | Affected Software: 2
Microsoft KB
added 2020/06/15 12:0 a.m. | 6 views

May 29, 2019—KB4497935 (OS Build 18362.145)

May 29, 2019—KB4497935 (OS Build 18362.145). Improvements and fixes: This update includes quality improvements. Key changes include: Addresses an issue in which Device-S4 may be applied unexpectedly while the system is using AC power. For more information, see Device-S4 may be applied unexpectedly...

6.8 AI score
Exploits: 0
OSV
added 2020/06/12 4:15 p.m. | 17 views

CVE-2020-4049

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

2.4 CVSS | 6.5 AI score
Exploits: 0 | References: 8
Debian CVE
added 2020/06/12 4:0 p.m. | 28 views

CVE-2020-4049

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

3.5 CVSS | 5.9 AI score | 0.02805 EPSS
Exploits: 0
CNVD
added 2020/06/12 12:0 a.m. | 3 views

Artica Pandora FMS Code Issue Vulnerability (CNVD-2020-32914)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in the File Manager feature in Artica Pandora FMS version 7.44. An attacker can exploit...

9 CVSS | 7.6 AI score | 0.27629 EPSS
Exploits: 1 | References: 1
0day.today
added 2020/06/12 12:0 a.m. | 126 views

SmarterMail 16 - Arbitrary File Upload Exploit

Exploit for multiple platform in category web applications Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows...

7.4 AI score
Exploits: 0
OSV
added 2020/06/11 5:15 p.m. | 2 views

CVE-2020-11613

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can...

7.8 CVSS | 7.1 AI score | 0.00458 EPSS
Exploits: 1 | References: 2
Prion
added 2020/06/11 5:15 p.m. | 12 views

Privilege escalation

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can...

4.4 CVSS | 7.6 AI score | 0.00458 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2020/06/11 3:15 a.m. | 2 views

CVE-2020-13850

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

7.5 CVSS | 7.1 AI score
Exploits: 0 | References: 2
NVD
added 2020/06/11 3:15 a.m. | 16 views

CVE-2020-13850

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

7.5 CVSS | 0.02169 EPSS
Exploits: 1 | References: 2
Prion
added 2020/06/11 3:15 a.m. | 19 views

Design/Logic Flaw

Artica Pandora FMS 7.44 has inadequate access controls on a web folder...

5 CVSS | 8 AI score | 0.02169 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/06/11 2:8 a.m. | 57 views

CVE-2020-13850

Pandora FMS (Artica Pandora FMS) 7.44 contains an inadequate access control flaw in the Pandora Console web folder (CVE-2020-13850) that enables directory listing and exposure of sensitive files (e.g., logs and uploaded content) via direct URLs such as /pandora_console/*. The CoreLabs advisory do...

7.5 CVSS | 8 AI score | 0.02169 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2020/06/10 12:15 p.m. | 19 views

Spoofing

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder...

4.4 CVSS | 7.8 AI score | 0.00405 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/06/10 11:17 a.m. | 24 views

CVE-2020-7279 DLL search order hijacking in Host IPS

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder...

4.6 CVSS | 7.8 AI score | 0.00405 EPSS
Exploits: 0 | References: 1
NVD
added 2020/06/10 11:15 a.m. | 18 views

CVE-2019-3613

DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder...

7.3 CVSS | 0.00362 EPSS
Exploits: 0 | References: 1