Lucene search
K

69 matches found

CNNVD
CNNVD
added 2022/07/12 12:0 a.m.3 views

Druva 注入漏洞

Druva is a large-scale SaaS platform from US-based Druva, Inc. bringing the simplicity, scalability and security of the public cloud to enterprise data protection and management. A security vulnerability exists in Druva version 6.9.0 that stems from a URL injection vulnerability in the inSync...

7.8CVSS7.8AI score0.00563EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/07/11 3:6 p.m.22 views

CVE-2021-36668

URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App...

8AI score0.00563EPSS
Exploits1References2
CVE
CVE
added 2022/07/11 3:6 p.m.66 views

CVE-2021-36668

CVE-2021-36668 concerns a URL injection in Druva’s inSync Electron-based UI for macOS 6.9.0. The vulnerability allows a local attacker to force the app to navigate to an arbitrary URL by manipulating the port parameter, due to issues in the Electron wrapper. Affected software is Driva inSync 6.9....

7.8CVSS7.7AI score0.00563EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/07/11 3:6 p.m.32 views

CVE-2021-36667

Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library...

8.2AI score0.01817EPSS
Exploits1References2
CVE
CVE
added 2022/07/11 3:6 p.m.60 views

CVE-2021-36667

CVE-2021-36667 affects Druva inSync 6.9.0 for macOS. The vulnerability is a command injection via a crafted payload to the local HTTP server caused by an unsanitized call to Python’s os.system, enabling arbitrary commands executed with local privileges. The primary impact is execution of arbitrar...

7.8CVSS7.9AI score0.01817EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2020/12/08 12:0 a.m.301 views

Druva inSync Windows Client 6.6.3 Privilege Escalation

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Date: 2020-12-03 Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....

7.2CVSS1AI score0.08607EPSS
Exploits12
OSV
OSV
added 2020/12/07 1:15 p.m.2 views

CVE-2020-5798

inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions...

7.8CVSS7.1AI score0.00292EPSS
Exploits1References2
NVD
NVD
added 2020/12/07 1:15 p.m.18 views

CVE-2020-5798

inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions...

7.8CVSS7.6AI score0.00292EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/12/07 12:44 p.m.27 views

CVE-2020-5798

inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions...

7.6AI score0.00292EPSS
Exploits1References2
CVE
CVE
added 2020/12/07 12:44 p.m.143 views

CVE-2020-5798

CVE-2020-5798 affects the inSync Client installer for macOS, version v6.8.0 and earlier. The root cause is improper integrity checks and directory permissions that could allow a lower-privileged user to gain root privileges. Documents consistently cite this impact and the affected component (macO...

7.8CVSS7.5AI score0.00292EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2020/12/07 12:0 a.m.7 views

Druva inSync Client Security Vulnerability

Druva inSync Client is a lightweight application from Druva USA that supports managing data backups and allows collaboration with other users. A security vulnerability exists in the inSync Client installer, which stems from incorrect integrity checking and directory permissions, and which the...

7.8CVSS7.1AI score0.00292EPSS
Exploits1References3
0day.today
0day.today
added 2020/12/07 12:0 a.m.234 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell) Exploit

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6.3 Tested on:...

7.8CVSS7.8AI score0.08607EPSS
Exploits12
Exploit DB
Exploit DB
added 2020/12/07 12:0 a.m.614 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Date: 2020-12-03 Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....

7.8CVSS7.8AI score0.08607EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2020/05/27 12:0 a.m.11 views

Druva inSync Client Installed (Windows)

Binary data druvainsyncclientwininstalled.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/05/27 12:0 a.m.45 views

Druva inSync Windows Client < 6.6.4 Privilege Escalation

The Windows Druva inSync Client Service inSyncCPHwnet64.exe contains a path traversal vulnerability that can be exploited by a local, unauthenticated attacker to execute OS commands with SYSTEM privileges. When processing RPC type 5 requests over TCP port 6064, inSyncCPHwnet64.exe does not proper...

7.8CVSS7.6AI score0.08607EPSS
Exploits12References3
0daydb
0daydb
added 2020/05/25 2:7 p.m.175 views

Druva inSync Windows Client 6.6.3 CVE-2020-5752 - Local Privilege Escalation

Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability. Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage:...

7.2CVSS0.6AI score0.08607EPSS
Exploits12
CNVD
CNVD
added 2020/05/22 12:0 a.m.4 views

Druva inSync Windows Client Path Traversal Vulnerability

Druva inSync Windows Client is a Windows client application for the Druva inSync endpoint data protection solution from Druva USA. A path traversal vulnerability exists in Druva inSync Windows Client version 6.6.3. A local attacker can exploit this vulnerability to gain SYSTEM privileges and...

7.8CVSS7.9AI score0.08607EPSS
Exploits12References1
0day.today
0day.today
added 2020/05/22 12:0 a.m.172 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....

7.8CVSS0.4AI score0.08607EPSS
Exploits12
Packet Storm
Packet Storm
added 2020/05/22 12:0 a.m.241 views

Druva inSync Windows Client 6.6.3 Local Privilege Escalation

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link:...

7.2CVSS0.7AI score0.08607EPSS
Exploits12
Exploit DB
Exploit DB
added 2020/05/22 12:0 a.m.491 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link:...

7.8CVSS8AI score0.08607EPSS
Exploits12
Rows per page
Query Builder