Lucene search

5058 matches found

NVD
added 2019/07/02 7:15 p.m. · 22 views

CVE-2017-8411

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...

9.3 CVSS · 9.1 AI score · 0.0585 EPSS
Exploits: 1 · References: 3

Prion
added 2019/07/02 7:15 p.m. · 14 views

Command injection

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...

9.3 CVSS · 9 AI score · 0.0585 EPSS
Exploits: 1 · References: 3

Prion
added 2019/07/02 7:15 p.m. · 19 views

Command injection

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...

10 CVSS · 9.7 AI score · 0.07667 EPSS
Exploits: 1 · References: 3

Cvelist
added 2019/07/02 6:47 p.m. · 12 views

CVE-2017-8404

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...

9.8 AI score · 0.07667 EPSS
Exploits: 1 · References: 3

Cvelist
added 2019/07/02 6:44 p.m. · 18 views

CVE-2017-8411

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...

9.1 AI score · 0.0585 EPSS
Exploits: 1 · References: 3

NVD
added 2019/07/02 4:15 p.m. · 18 views

CVE-2017-8408

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request to test if SMB credentials and hostname sent to the device work proper...

10 CVSS · 9.8 AI score · 0.05123 EPSS
Exploits: 1 · References: 2

Cvelist
added 2019/07/02 3:46 p.m. · 19 views

CVE-2017-8408

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request to test if SMB credentials and hostname sent to the device work proper...

9.8 AI score · 0.05123 EPSS
Exploits: 1 · References: 2

Patchstack
added 2019/07/02 12:0 a.m. · 6 views

Insert or Embed Articulate Content into WordPress plugin <= 4.2999 - Authenticated Arbitrary Folder Deletion and Rename

Authenticated Arbitrary Folder Deletion and Rename vulnerability found in Insert or Embed Articulate Content into WordPress plugin versions <= 4.2999. Solution: Update the Insert or Embed Articulate Content into WordPress plugin to the latest available version (at least 4.29991)...

4 AI score
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2019/07/02 12:0 a.m. · 16 views

Insert or Embed Articulate Content into WordPress <= 4.2999 - Authenticated Arbitrary Folder Deletion and Rename

The lack of CSRF, Authorisation and Path Traversal checks in wpajaxdeldir and wpajaxrenamedir AJAX methods in functions.php make it possible for an authenticated user with a role as low as subscriber to delete and rename arbitrary folders. CSRF attacks against such authenticated users is also...

5.5 CVSS · 6.4 AI score · 0.00625 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Positive Technologies
added 2019/07/02 12:0 a.m. · 5 views

PT-2019-8631 · D Link · D-Link Dcs-1130

Name of the Vulnerable Software and Affected Versions: D-Link DCS-1130 devices (affected versions not specified). Description: An issue was discovered on D-Link DCS-1130 devices, where the device provides a user with the capability of setting a SMB folder for the video clippings recorded by the...

10 CVSS · 9.8 AI score · 0.05123 EPSS
Exploits: 1 · References: 5

Friends Of PHP
added 2019/06/25 12:0 a.m. · 12 views

PRODSECBUG-2343: Insecure Direct Object Reference (IDOR) vulnerability can lead to deletion of downloadable products folder

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.5 CVSS · 7.2 AI score · 0.0073 EPSS
Exploits: 0 · Affected Software: 1

Cvelist
added 2019/06/24 1:7 p.m. · 22 views

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

4.6 AI score · 0.01006 EPSS
Exploits: 1 · References: 2

Kitploit
added 2019/06/23 1:30 p.m. · 634 views

WhatBreach - OSINT Tool To Find Breached Emails And Databases

WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there if there are any breaches it will search for the query link on Dehashed pertaining to the...

7.2 AI score
Exploits: 0 · References: 1

Node.js
added 2019/06/19 2:48 p.m. · 25 views

Cross-Site Scripting

Overview: All versions of html-pages are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim's browser through folders with names containing malicious code. Recommendation: No fix is currently available...

4.3 CVSS · 3.9 AI score · 0.00691 EPSS
Exploits: 1 · Affected Software: 1

OSV
added 2019/06/18 10:15 p.m. · 2 views

CVE-2019-12133

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon syst...

7.8 CVSS · 5.9 AI score · 0.01817 EPSS
Exploits: 0 · References: 2

Prion
added 2019/06/17 8:15 p.m. · 15 views

Directory traversal

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "getfile.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows a...

4 CVSS · 7 AI score · 0.0314 EPSS
Exploits: 1 · References: 3 · Affected Software: 2

OSV
added 2019/06/12 2:29 p.m. · 2 views

CVE-2019-1053

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the...

6.3 CVSS · 7.3 AI score · 0.01265 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2019/06/12 12:0 a.m. · 50 views

openSUSE Security Update : virtualbox (openSUSE-2019-1547)

This update for virtualbox to version 5.2.24 fixes the following issues : Multiple security issues fixed : CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511,...

8.8 CVSS · 6.2 AI score · 0.94494 EPSS
Exploits: 5 · References: 31

Microsoft CVE
added 2019/06/11 7:0 a.m. · 32 views

Windows Shell Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the...

8.8 CVSS · 3.5 AI score · 0.01265 EPSS
Exploits: 0

OSV
added 2019/05/29 5:29 p.m. · 0 views

DEBIAN-CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

8.8 CVSS · 8.9 AI score · 0.19165 EPSS
Exploits: 3 · References: 1