CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

exploitpack•added 2020/02/14 12:0 a.m.•42 views

HomeGuard Pro 9.3.1 - Insecure Folder Permissions

HomeGuard Pro 9.3.1 - Insecure Folder Permissions Exploit Title: HomeGuard Pro 9.3.1 - Insecure Folder Permissions Exploit Author: boku Date: 2020-02-13 Vendor Homepage: https://veridium.net Software Link: https://veridium.net/filesu/hg-pro/exe/HomeGuardPro-Setup.exe Version 9.3.1 Tested On:...

7.4AI score

Exploit DB•added 2020/02/14 12:0 a.m.•190 views

HomeGuard Pro 9.3.1 - Insecure Folder Permissions

7.4AI score

Packet Storm•added 2020/02/13 12:0 a.m.•115 views

OpenTFTP 1.66 Local Privilege Escalation

Exploit Title: OpenTFTP 1.66 - Local Privilege Escalation Exploit Author: boku Date: 2020-02-12 Vendor Homepage: https://sourceforge.net/projects/tftp-server/ Software Link: https://sourceforge.net/projects/tftp-server/files/tftp%20server%20single%20port/OpenTFTPServerSPInstallerV1.66.exe/downloa...

0.4AI score

exploitpack•added 2020/02/13 12:0 a.m.•37 views

OpenTFTP 1.66 - Local Privilege Escalation

OpenTFTP 1.66 - Local Privilege Escalation Exploit Title: OpenTFTP 1.66 - Local Privilege Escalation Exploit Author: boku Date: 2020-02-12 Vendor Homepage: https://sourceforge.net/projects/tftp-server/ Software Link:...

0.4AI score

Cvelist•added 2020/02/12 8:0 p.m.•25 views

CVE-2020-8950

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an...

7.7AI score0.00994EPSS

Exploits1References2

0day.today•added 2020/02/12 12:0 a.m.•58 views

MyVideoConverter Pro 3.14 - (Output Folder) Buffer Overflow Exploit

Exploit Title: MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow Exploit Author : ZwX Vendor Homepage : http://www.ivideogo.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will create a new file with the name...

0.2AI score

FreeBSD•added 2020/02/12 12:0 a.m.•40 views

ansible - win_unzip path normalization

Borja Tarraso reports: A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by...

7.8CVSS4.1AI score0.00362EPSS

Exploits0References5

IBM Security Bulletins•added 2020/02/11 7:25 p.m.•10 views

Security Bulletin: WebSphere Dashboard Framework contains a vulnerability that allows file access and deletion.

Summary WebSphere Dashboard Framework contains a vulerability in a charting feature used to access and delete generated images in a temporary folder. A fix has been created that removes the vulnerability. Vulnerability Details WebSphere Dashboard Framework contains a vulnerability in a charting...

5.8CVSS0.9AI score0.0118EPSS

Exploits0Affected Software1

CNVD•added 2020/02/11 12:0 a.m.•2 views

Rumpus FTP Web File Manager Cross-Site Request Forgery Vulnerability (CNVD-2020-04662)

Rumpus FTP Web File Manager is a file transfer server. A cross-site request forgery vulnerability exists in the folder settings feature of Web File Manager in Rumpus FTP version 8.2.9.1. The vulnerability stems from the WEB application not adequately verifying that requests are coming from a...

6.5CVSS6.9AI score0.00435EPSS

Exploits0References1

Veeam•added 2020/02/11 12:0 a.m.•52 views

Manually moving backup files between Scale-Out Backup Repository extents

Extent Rebalance is Now Built-In to Veeam Backup & Replication This article was written prior to the release of Veeam Backup & Replication 12. While the procedure may still work in Veeam Backup & Replication 12 and higher, we strongly advise you to instead consider using the built-in rebalancing...

6.4AI score

Exploits0Affected Software2

NVD•added 2020/02/10 9:53 p.m.•26 views

CVE-2019-6744

This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific...

4.3CVSS3.9AI score0.00364EPSS

OSV•added 2020/02/10 9:53 p.m.•5 views

CVE-2019-6744

4.3CVSS5.7AI score0.00364EPSS

Prion•added 2020/02/10 9:53 p.m.•16 views

Design/Logic Flaw

2.1CVSS3.9AI score0.00364EPSS

Cvelist•added 2020/02/10 7:15 p.m.•21 views

CVE-2019-6744

4.3CVSS3.9AI score0.00364EPSS

CVE•added 2020/02/10 7:15 p.m.•71 views

CVE-2019-6744

CVE-2019-6744 affects Samsung Knox 1.2.02.39 on Samsung Galaxy S9 (Secure Folder). Root cause: improper validation in the lock-screen handling that fails to confirm proper user authentication, allowing a local attacker to disclose contents of the secure container. Public coordinated disclosures r...

4.3CVSS3.9AI score0.00364EPSS

OSV•added 2020/02/10 4:15 p.m.•4 views

CVE-2019-19663

A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html...

6.5CVSS6.6AI score0.00435EPSS

Prion•added 2020/02/10 4:15 p.m.•16 views

Cross site request forgery (csrf)

A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html...

5.8CVSS6.4AI score0.00435EPSS

CVE•added 2020/02/10 3:54 p.m.•49 views

CVE-2019-19663

CVE-2019-19663 concerns the Web File Manager’s Folder Sets Settings in Rumpus FTP 8.2.9.1. The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the Folder Sets Settings page (RAPR/FolderSetsSet.html) that enables an attacker to create or delete folders. The affected product is Rumpus...

6.5CVSS6.4AI score0.00435EPSS