Lucene search
+L

388 matches found

Tenable Nessus
Tenable Nessus
added 2019/08/20 12:0 a.m.25 views

SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:2181-1)

This update for nodejs6 fixes the following issues : CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

7.5CVSS7.9AI score0.02416EPSS
Exploits0References4
OSV
OSV
added 2019/08/07 9:38 a.m.4 views

SUSE-SU-2019:2078-1 Security update for nodejs4

This update for nodejs4 fixes the following issues: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290...

7.5CVSS7.5AI score0.02416EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2019/07/02 7:26 p.m.44 views

CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.5CVSS7.5AI score0.02416EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/07/02 12:0 a.m.23 views

CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.5CVSS7.1AI score0.02416EPSS
Exploits0References5
0day.today
0day.today
added 2019/05/29 12:0 a.m.330 views

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2) Exploit

Exploit for windows platform in category local exploits Microsoft Windows - AppX Deployment Service Local Privilege Escalation 2 Exploit There is still a vuln in the code triggered by CVE-2019-0841 The bug that this guy found:...

7.2CVSS6.8AI score0.414EPSS
Exploits19
exploitpack
exploitpack
added 2019/05/23 12:0 a.m.87 views

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)

Microsoft Windows - AppX Deployment Service Local Privilege Escalation 2 There is still a vuln in the code triggered by CVE-2019-0841 The bug that this guy found: https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/ If you create the following: GetFavDirectory gets the...

7.2CVSS0.5AI score0.414EPSS
Exploits19
Exploit DB
Exploit DB
added 2019/05/23 12:0 a.m.86 views

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)

There is still a vuln in the code triggered by CVE-2019-0841 The bug that this guy found: https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/ If you create the following: GetFavDirectory gets the local appdata folder, fyi CreateDirectoryGetFavDirectory +...

7.8CVSS6.9AI score0.414EPSS
Exploits19
exploitpack
exploitpack
added 2019/05/22 12:0 a.m.61 views

Microsoft Windows (x86) - Task Scheduler .job Import Arbitrary Discretionary Access Control List Write Local Privilege Escalation

Microsoft Windows x86 - Task Scheduler .job Import Arbitrary Discretionary Access Control List Write Local Privilege Escalation Task Scheduler .job import arbitrary DACL write Tested on: Windows 10 32-bit Bug information: There are two folders for tasks. c:\windows\tasks c:\windows\system32\tasks...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/05/22 12:0 a.m.37 views

Microsoft Windows (x84x64) - Error Reporting Discretionary Access Control List Local Privilege Escalation

Microsoft Windows x84x64 - Error Reporting Discretionary Access Control List Local Privilege Escalation EDIT: Apparently this was patched earlier this month.. so whatever. Windows Error Reporting Arbitrary DACL write It can take upwards of 15 minutes for the bug to trigger. If it takes too long,...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/22 12:0 a.m.134 views

Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation

Task Scheduler .job import arbitrary DACL write Tested on: Windows 10 32-bit Bug information: There are two folders for tasks. c:\windows\tasks c:\windows\system32\tasks The first one is only there for legacy purposes. The second one gets used by the task scheduler. In the old days i.e windows xp...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/22 12:0 a.m.85 views

Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation

EDIT: Apparently this was patched earlier this month.. so whatever. Windows Error Reporting Arbitrary DACL write It can take upwards of 15 minutes for the bug to trigger. If it takes too long, closing the program, cleaning out the reportarchive folder in programdata it may mess up the timing if...

7.4AI score
Exploits0
Veracode
Veracode
added 2019/05/16 12:34 a.m.23 views

Arbitrary File Overwrite

fstream is vulnerable to arbitrary file overwrite. The vulnerability exists as fstream allows overwriting an existing file on the system through extracting a hardlink...

7.5CVSS7.5AI score0.02416EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.35 views

EulerOS Virtualization 3.0.1.0 : libarchive (EulerOS-SA-2019-1470)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in libarchive. A specially crafted MTREE file could cause a small out-of-bounds read, potentially...

8.8CVSS7.5AI score0.11992EPSS
Exploits13References25
Veracode
Veracode
added 2019/05/02 2:32 a.m.22 views

Arbitrary File Overwrite

tar-fs is vulnerable to arbitrary file overwrite attacks. The attack is possible because it does not restrict the target of tarball containing hardlink from overwriting an existing file with an identical name as the hardlink, allowing arbitrary file overwrite attacks if an attacker gets control...

7.5CVSS7.4AI score0.02106EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/05/01 6:37 p.m.5 views

GHSA-J44M-QM6P-HP7M Arbitrary File Overwrite in tar

Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file...

7.5CVSS7.1AI score0.03145EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2019/05/01 6:37 p.m.49 views

Improper Input Validation in tar-fs

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...

7.5CVSS1.5AI score0.02106EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2019/04/30 7:29 p.m.17 views

CVE-2018-20835

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...

7.5CVSS7.4AI score0.02106EPSS
Exploits1References3
OSV
OSV
added 2019/04/30 7:29 p.m.2 views

DEBIAN-CVE-2018-20834

A vulnerability was found in node-tar before version 4.4.2 excluding version 2.2.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This...

7.5CVSS7.4AI score0.03145EPSS
Exploits1References1
Prion
Prion
added 2019/04/30 7:29 p.m.19 views

Design/Logic Flaw

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...

6.4CVSS7.4AI score0.02106EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2019/04/30 6:2 p.m.21 views

CVE-2018-20835

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...

7.5CVSS7.4AI score0.02106EPSS
Exploits1
Rows per page
Query Builder