28 matches found
EUVD-2021-32217
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: concrete5/concrete5 is the concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Home Folder process on the Members Dashboard page. An attacker can execute arbitrary scripts in the context of another user's session by setting up a...
CVE-2025-8573
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this...
PT-2025-31998 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9 through 9.4.2. Description: Concrete CMS versions 9 through 9.4.2 are susceptible to Stored Cross-Site Scripting (XSS) originating from the Home Folder on the Members Dashboard page. A malicious administrator could...
Linux : Session closes immediately while getting gray screen for 10 seconds
When launching a connection to a Linux VDA from the cloud, the connection for one user closes after a grey window appears; that user's home folder on the VDA is not created, but other users may log in fine...
How to remove a user from a shared Mac
There will be times when you need to remove a user from a device. In this article we'll show you how to remove a user from a Mac. For a better understanding, it's good to know the difference between an actual user of the device and a "sharing only user." On a Mac, you can use Sharing Only User...
Desktop APP XSS to RCE
🔒️ Requirements The user must load the malicious configuration and click on the buttons. 📝 Description This exploitation relies on several issues which chained together lead to an RCE. In the following subsection, I will try to explain it as best I can. 💉 Not sanitized HTML injection In the...
CVE-2021-45446
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory...
Directory traversal
A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory...
Path Traversal
onionshare-cli is vulnerable to path traversal. The vulnerability exists in common.py, which does not properly validate access permissions, allowing an attacker to access sensitive information in the user's home folder...
Design/Logic Flaw
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...
CVE-2022-21693 Path traversal in Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...
CVE-2022-21693
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...
SUSE SLES12 Security Update : samba (SUSE-SU-2020:2721-1)
This update for samba fixes the following issues: ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579)...
CVE-2020-9986
A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information...
Design/Logic Flaw
A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information...
CVE-2020-9986
CVE-2020-9986 affects macOS Find My / Offline Finding in Catalina. The root issue is a file access vulnerability where cached rolling advertisement keys and related location data could be exposed via a malicious macOS application reading home-folder files. Threat research described two flaws: (1)...
WhatBreach - OSINT Tool To Find Breached Emails And Databases
WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there if there are any breaches it will search for the query link on Dehashed pertaining to the...
CVE-2017-13851
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files...