69 matches found
Druva 注入漏洞
Druva is a large-scale SaaS platform from US-based Druva, Inc. bringing the simplicity, scalability and security of the public cloud to enterprise data protection and management. A security vulnerability exists in Druva version 6.9.0 that stems from a URL injection vulnerability in the inSync...
CVE-2021-36668
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App...
CVE-2021-36668
CVE-2021-36668 concerns a URL injection in Druva’s inSync Electron-based UI for macOS 6.9.0. The vulnerability allows a local attacker to force the app to navigate to an arbitrary URL by manipulating the port parameter, due to issues in the Electron wrapper. Affected software is Driva inSync 6.9....
CVE-2021-36667
Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library...
CVE-2021-36667
CVE-2021-36667 affects Druva inSync 6.9.0 for macOS. The vulnerability is a command injection via a crafted payload to the local HTTP server caused by an unsanitized call to Python’s os.system, enabling arbitrary commands executed with local privileges. The primary impact is execution of arbitrar...
Druva inSync Windows Client 6.6.3 Privilege Escalation
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Date: 2020-12-03 Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....
CVE-2020-5798
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions...
CVE-2020-5798
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions...
CVE-2020-5798
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions...
CVE-2020-5798
CVE-2020-5798 affects the inSync Client installer for macOS, version v6.8.0 and earlier. The root cause is improper integrity checks and directory permissions that could allow a lower-privileged user to gain root privileges. Documents consistently cite this impact and the affected component (macO...
Druva inSync Client Security Vulnerability
Druva inSync Client is a lightweight application from Druva USA that supports managing data backups and allows collaboration with other users. A security vulnerability exists in the inSync Client installer, which stems from incorrect integrity checking and directory permissions, and which the...
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell) Exploit
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6.3 Tested on:...
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Date: 2020-12-03 Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....
Druva inSync Client Installed (Windows)
Binary data druvainsyncclientwininstalled.nbin...
Druva inSync Windows Client < 6.6.4 Privilege Escalation
The Windows Druva inSync Client Service inSyncCPHwnet64.exe contains a path traversal vulnerability that can be exploited by a local, unauthenticated attacker to execute OS commands with SYSTEM privileges. When processing RPC type 5 requests over TCP port 6064, inSyncCPHwnet64.exe does not proper...
Druva inSync Windows Client 6.6.3 CVE-2020-5752 - Local Privilege Escalation
Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability. Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage:...
Druva inSync Windows Client Path Traversal Vulnerability
Druva inSync Windows Client is a Windows client application for the Druva inSync endpoint data protection solution from Druva USA. A path traversal vulnerability exists in Druva inSync Windows Client version 6.6.3. A local attacker can exploit this vulnerability to gain SYSTEM privileges and...
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....
Druva inSync Windows Client 6.6.3 Local Privilege Escalation
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link:...
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link:...