CVE-2020-11601

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 April 2020...

CVE-2020-11606

An issue was discovered on Samsung mobile devices with Q10.0 software. Information about application preview in the Secure Folder leaks on a locked device. The Samsung ID is SVE-2019-16463 April 2020...

CVE-2020-11606

An issue was discovered on Samsung mobile devices with Q10.0 software. Information about application preview in the Secure Folder leaks on a locked device. The Samsung ID is SVE-2019-16463 April 2020...

CVE-2020-11601

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 April 2020...

Code injection

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 April 2020...

Information disclosure

An issue was discovered on Samsung mobile devices with Q10.0 software. Information about application preview in the Secure Folder leaks on a locked device. The Samsung ID is SVE-2019-16463 April 2020...

Secdo: Privilege escalation via hardcoded script path

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk C:\ to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo...

CVE-2020-11606

An issue was discovered on Samsung mobile devices with Q10.0 software. Information about application preview in the Secure Folder leaks on a locked device. The Samsung ID is SVE-2019-16463 April 2020...

CVE-2020-11606

The CVE-2020-11606 entry concerns Samsung mobile devices running Q (10.0). Affected component is information exposure within the Secure Folder’s application preview on a locked device, leading to partial confidentiality impact. The root cause and exact vulnerable code path are not detailed in the...

CVE-2020-11601

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 April 2020...

CVE-2020-11601

CVE-2020-11601 affects Samsung mobile devices running P (9.0) and Q (10.0). The issue enables unauthorized access to applications in the Secure Folder via floating icons. Connected sources corroborate the Secure Folder access problem (Samsung ID SVE-2019-16195). No concrete root cause, affected c...

CVE-2020-1984

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with ‘create folders or append data’ access to the root of the OS disk C: to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo f...

CVE-2020-7613

clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the isclamavbinary function located within Index.js. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that wil...

Unspecified vulnerability in CIPPlanner CIPAce (CNVD-2020-21817)

CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability by sending an API request to obtain the uplo...

CVE-2020-11595

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

Path traversal

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

CVE-2020-11595

An unauthenticated attacker can invoke the CIPPlanner CIPAce 9.1 Build 2019092801 API and obtain an upload folder path that reveals the hostname in a UNC path, indicating information disclosure via the API endpoint handling uploads. Affected product: CIPPlanner CIPAce (9.1, build 2019092801). Roo...

CVE-2020-11595

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

Memu Play 7.1.3 Insecure Folder Permissions

Exploit Title: Memu Play 7.1.3 - Insecure Folder Permissions Discovery by: chuyreds Discovery Date: 2020-03-08 Vendor Homepage: https://www.memuplay.com/ Software Link : https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Tested Version: 7.1.3 Vulnerability Type: Loc...

CVE-2020-11450

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...