Exploit for Path Traversal in Rarlab Winrar
CVE-2018-20250-WinRAR-ACE Proof of concept code in C to explo...
Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years
Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular...
Input validation
Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2019-0109
Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2019-0109
Intel Data Center Manager SDK prior to version 5.0.2 is affected by CVE-2019-0109, described as improper folder permissions that may allow an authenticated user to escalate privileges via local access. The vulnerability is listed with CVSS v3 base score 7.8 (LOCAL, LOW ATTACK). Affected product: ...
CVE-2019-7692
install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder...
Cross-Site Scripting in html-pages
All versions of html-pages are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim's browser through folders with names containing malicious code. Recommendation: No fix is currently available. Conside...
GHSA-5P26-HW7F-3CPR Cross-Site Scripting in html-pages
All versions of html-pages are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim's browser through folders with names containing malicious code. Recommendation: No fix is currently available. Conside...
Trend Micro Security’s 2019 Release Protects You Better Than Ever Against Ransomware, Coin-mining, Banking, and E-Commerce Threats
2019 has barely gotten started, but by Q4 of 2018 Trend Micro had already seen a 956% increase in coin-mining malware detections for the year-to-date—right alongside the persistent threat of ransomware and online banking and e-commerce hacks designed to steal your identity or your money. Folks ca...
Code injection
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/databasebackup.php?action=import&dopost=deldir&tbname=../ URI...
CVE-2019-7403
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/databasebackup.php?action=import&dopost=deldir&tbname=../ URI...
Keybase: macOS privilege escalation
Short description: We can add an arbitrary folder to the default $PATH environment variable, so we can exploit this to run arbitrary code as the targeted user. Steps to reproduce: 1. In the example I will use the low-privileged nobody account (could be any other account) and I will target the u3mur4...
CVE-2018-16484
An XSS vulnerability was found in module m-server 1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping for special characters in folder names...
Cross site scripting
An XSS vulnerability was found in module m-server 1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping for special characters in folder names...
CVE-2018-16480
An XSS vulnerability was found in module public 0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...