5058 matches found

NVD
added 2019/08/17 5:15 p.m. · 29 views

CVE-2019-13069

extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service...

7.8 CVSS · 7.6 AI score · 0.01171 EPSS
Exploits 3 · References 2
Prion
added 2019/08/17 5:15 p.m. · 12 views

Privilege escalation

extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service...

7.2 CVSS · 7.5 AI score · 0.01171 EPSS
Exploits 3 · References 2 · Affected Software 1
CVE
added 2019/08/17 4:36 p.m. · 269 views

CVE-2019-13069

CVE-2019-13069 affects Extenua SilverSHielD 6.x. Local Privilege Escalation occurs by exploiting unsecured ProgramData folder; attacker must replace SilverShield.config.sqlite with a version including an extra user account, then use SSH and port forwarding to reach a 127.0.0.1 service, enabling S...

7.8 CVSS · 7.5 AI score · 0.01171 EPSS
Exploits 3 · References 2 · Affected Software 1
Cvelist
added 2019/08/17 4:36 p.m. · 32 views

CVE-2019-13069

extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service...

7.6 AI score · 0.01171 EPSS
Exploits 3 · References 2
exploitpack
added 2019/08/14 12:0 a.m. · 15 views

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion / Author: Abdelhamid Naceri / Discovered on: 13/08/2019 / Description: An elevation of privileges exists when the Microsoft AppXSvc Deployment Service cannot properly handle the folder junction, leading to an arbitrary file...

7.4 AI score
Exploits 0
Check Point Advisories
added 2019/08/12 12:0 a.m. · 1 views

KDE KDesktopFile Command Injection

A command injection vulnerability exists in KDesktopFile class. A remote attacker could exploit this vulnerability by sending a crafted compressed folder to an affected client...

3.1 AI score
Exploits 0
OSV
added 2019/08/09 2:15 p.m. · 3 views

CVE-2019-14794

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...

7.5 CVSS · 7.1 AI score · 0.01415 EPSS
Exploits 0 · References 1
NVD
added 2019/08/02 10:15 p.m. · 20 views

CVE-2019-7925

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...

5.5 CVSS · 5 AI score · 0.0073 EPSS
Exploits 0 · References 1
OSV
added 2019/08/02 10:15 p.m. · 12 views

CVE-2019-7925

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...

4.9 CVSS · 6.7 AI score
Exploits 0 · References 1
Prion
added 2019/08/02 10:15 p.m. · 12 views

Design/Logic Flaw

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder...

5.5 CVSS · 5.1 AI score · 0.0073 EPSS
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2019/07/11 12:0 a.m. · 2 views

The vulnerability of the Windows Shell component in operating systems allows attackers to increase their privileges.

The vulnerability of the Windows Shell component in operating systems is related to deficiencies in the checking of folder shortcuts. Exploiting this vulnerability can allow an attacker to increase their privileges...

8.8 CVSS · 5.5 AI score · 0.01265 EPSS
Exploits 0 · References 2
NVD
added 2019/07/10 8:15 p.m. · 14 views

CVE-2019-5444

Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder...

5.3 CVSS · 5.3 AI score · 0.01502 EPSS
Exploits 1 · References 1
Cvelist
added 2019/07/10 7:43 p.m. · 14 views

CVE-2019-5444

Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder...

5.3 AI score · 0.01502 EPSS
Exploits 1 · References 1
Node.js
added 2019/07/10 2:27 p.m. · 13 views

Malicious Package

Overview: All versions of malicious-do-not-install contain malicious code. The package copies the contents of /etc/passwd and /etc/shadow to files in the local /tmp/ folder. Recommendation: Remove the package from your environment and rotate affected credentials. References: GitHub Advisory...

6.6 AI score
Exploits 0 · Affected Software 1
RedHat Linux
added 2019/07/10 1:1 p.m. · 24 views

Moderate: Red Hat Security Advisory: python-novajoin security and bug fix update

An update for python-novajoin is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS · 7.1 AI score · 0.00999 EPSS
Exploits 0 · References 4
OSV
added 2019/07/09 6:15 p.m. · 4 views

CVE-2019-13142

The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver. The DACL on this folder allows any user to overwrite contents of files in this folder,...

5.5 CVSS · 5.8 AI score · 0.00288 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2019/07/09 6:15 p.m. · 1 views

CVE-2019-13142

The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver. The DACL on this folder allows any user to overwrite contents of files in this folder,...

6.6 CVSS · 5.5 AI score · 0.00288 EPSS
Exploits 0 · References 2
Veracode
added 2019/07/08 12:41 p.m. · 17 views

Insecure Access Controls

The NuGet package manager uses insecure access controls. An authenticated attacker is able to tamper with and modify the contents of the intermediate build folder (obj)...

5.5 CVSS · 5.5 AI score · 0.01151 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2019/07/05 12:0 a.m. · 4 views

PT-2019-6133 · Docker · Docker Desktop Community Edition +1

Name of the Vulnerable Software and Affected Versions: Docker Desktop Community Edition versions prior to 2.1.0.1. Description: The issue is related to incorrect permission assignment for the docker-credential-wincred.exe file in the %PROGRAMDATA%\DockerDesktop\version-bin folder. This could allow a...

9.3 CVSS · 8.7 AI score · 0.29628 EPSS
Exploits 5 · References 12
NVD
added 2019/07/02 7:15 p.m. · 22 views

CVE-2017-8404

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...

10 CVSS · 9.8 AI score · 0.07667 EPSS
Exploits 1 · References 3