WinGate 9.4.1.5998 - Insecure Folder Permissions

Exploit Title: WinGate 9.4.1.5998 - Insecure Folder Permissions Date: 2020-06-05 Exploit Author: hyp3rlinx Vendor Homepage: https://www.wingate.com Version: 9.4.1.5998 CVE: CVE-2020-13866 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

June 9, 2020—KB4561666 (Monthly Rollup)

June 9, 2020—KB4561666 Monthly Rollup IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-securit...

June 9, 2020—KB4561621 (OS Build 17134.1550)

June 9, 2020—KB4561621 OS Build 17134.1550 IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...

CVE-2020-13834

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 with TEEGRIS software. Secure Folder does not properly restrict use of Android Debug Bridge adb for arbitrary installations. The Samsung ID is SVE-2020-17369 June 2020...

CVE-2020-13834

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 with TEEGRIS software. Secure Folder does not properly restrict use of Android Debug Bridge adb for arbitrary installations. The Samsung ID is SVE-2020-17369 June 2020...

CVE-2020-13834

Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided connected documents; monitor for updates.

Mail.ru: Private file read through file attachment

my.com MyMail application for Android could be tricked by malicious local application selected as a file picker by user to copy the file from application folder to insecure location...

Design/Logic Flaw

In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate Local and SDMsgUpdate TE. The scheduled...

April 25, 2019—KB4493437 (OS Build 17134.753)

April 25, 2019—KB4493437 OS Build 17134.753 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1803. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change pleas...

CVE-2020-1132

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'...

CVE-2020-1132

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'...

Emerson OpenEnterprise Rights Mismanagement Vulnerability

Emerson Electric OpenEnterprise is a data acquisition and monitoring system SCADA from Emerson Electric, primarily for remote oil and gas applications. A security vulnerability exists in Emerson Electric OpenEnterprise 3.3.4 and prior versions, which arises from the program setting insecure...

Description of the Office 2010 update: September 13, 2011

Description of the Office 2010 update: September 13, 2011 INTRODUCTION Microsoft has released an update for Microsoft Office 2010. This update provides the latest fixes for the 32-bit and the 64-bit editions of Office 2010. Additionally, this update contains stability and performance improvements...

The vulnerability of the Work Folder Service in Windows operating systems allows a perpetrator to escalate their privileges.

The vulnerability of the Work Folder Service service in Windows operating systems is related to improper handling of file operations. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

HTTP Suspicious Linux Etc Paths (CVE-2020-13448)

Linux sub-directory etc is a folder which contain all your system configuration file. A remote attacker may create a malicious HTTP request to obtain sensitive information...

CVE-2020-5896

CVE-2020-5896 affects BIG-IP Edge Client for Windows. The Windows Installer Service’s temporary folder in versions 7.1.5–7.1.9 has weak file/folder permissions, enabling potential privilege escalation. Advisory details indicate that signed executables and MSI files could be executed from the temp...

CVE-2020-5896

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions...

[SECURITY] Fedora 30 Update: roundcubemail-1.4.4-1.fc30

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 32 Update: roundcubemail-1.4.4-1.fc32

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVE-2020-5343

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder...