Lucene search
K

69 matches found

NVD
NVD
added 2020/05/21 3:15 p.m.20 views

CVE-2020-5752

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...

7.8CVSS8AI score0.08607EPSS
Exploits12References3
OSV
OSV
added 2020/05/21 3:15 p.m.4 views

CVE-2020-5752

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...

7.8CVSS7.3AI score0.08607EPSS
Exploits12References3
Prion
Prion
added 2020/05/21 3:15 p.m.26 views

Path traversal

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...

7.2CVSS7.9AI score0.08607EPSS
Exploits12References3Affected Software1
CVE
CVE
added 2020/05/21 2:3 p.m.211 views

CVE-2020-5752

CVE-2020-5752: Druva inSync Windows Client contains a path traversal vulnerability in the inSyncCPHwnet64 RPC service (port 6064) that can be exploited locally to run commands as SYSTEM on Windows 10 (x64) with inSync Client 6.6.3 and below. The RPC type 5 handling flaw enables command injection ...

7.8CVSS8AI score0.08607EPSS
Exploits12References3Affected Software1
Cvelist
Cvelist
added 2020/05/21 2:3 p.m.48 views

CVE-2020-5752

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...

8AI score0.08607EPSS
Exploits12References3
Positive Technologies
Positive Technologies
added 2020/05/21 12:0 a.m.4 views

PT-2020-18673 · Druva · Druva Insync Windows Client

Name of the Vulnerable Software and Affected Versions: Druva inSync Windows Client version 6.6.3 Description: The issue allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges due to a relative path traversal vulnerability. Recommendations: F...

7.8CVSS8AI score0.08607EPSS
Exploits12References8
Packet Storm
Packet Storm
added 2020/05/12 12:0 a.m.187 views

Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation', 'Description' = %q Druva inSync client for Windows exposes a network service o...

7.2CVSS1AI score0.08566EPSS
Exploits7
0day.today
0day.today
added 2020/05/12 12:0 a.m.45 views

Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation Exploit

Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested...

7.8CVSS0.5AI score0.08566EPSS
Exploits7
Metasploit
Metasploit
added 2020/05/06 2:9 p.m.406 views

Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation

Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.6.3 and prior do not properly validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This module has been tested...

7.8CVSS7.9AI score0.08607EPSS
Exploits18
0day.today
0day.today
added 2020/04/30 12:0 a.m.75 views

Druva inSync Windows Client 6.5.2 - Local Privilege Escalation Exploit

Exploit Title: Druva inSync Windows Client 6.5.2 - Local Privilege Escalation Exploit Author: Chris Lyne Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.5.2/inSync6.5.2r99097.msi Version: 6.5.2 Tested on: Windows 10 CVE : CVE-2019-3999 See also:...

7.8CVSS0.6AI score0.08566EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/04/29 12:0 a.m.123 views

Druva inSync Windows Client 6.5.2 - Local Privilege Escalation

Exploit Title: Druva inSync Windows Client 6.5.2 - Local Privilege Escalation Date: 2020-04-28 Exploit Author: Chris Lyne Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.5.2/inSync6.5.2r99097.msi Version: 6.5.2 Tested on: Windows 10 CVE :...

7.8CVSS7.7AI score0.08566EPSS
Exploits7
Packet Storm
Packet Storm
added 2020/04/29 12:0 a.m.100 views

Druva inSync Windows Client 6.5.2 Privilege Escalation

Exploit Title: Druva inSync Windows Client 6.5.2 - Local Privilege Escalation Date: 2020-04-28 Exploit Author: Chris Lyne Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.5.2/inSync6.5.2r99097.msi Version: 6.5.2 Tested on: Windows 10 CVE :...

7.2CVSS1.1AI score0.08566EPSS
Exploits7
CNVD
CNVD
added 2020/03/25 12:0 a.m.2 views

Druva inSync Client Arbitrary NodeJS Code Execution Vulnerability

Druva inSync Client is a lightweight application for managing data backups and allowing collaboration with other users. An arbitrary NodeJS code execution vulnerability exists in Druva inSync Client 6.5.0. The vulnerability stems from improper input validation. A locally authenticated attacker ca...

7.8CVSS7.8AI score0.00566EPSS
Exploits1References1
NVD
NVD
added 2020/03/24 10:15 p.m.26 views

CVE-2019-4001

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...

7.8CVSS7.8AI score0.00566EPSS
Exploits1References1
OSV
OSV
added 2020/03/24 10:15 p.m.2 views

CVE-2019-4001

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...

7.8CVSS7.3AI score0.00566EPSS
Exploits1References1
Prion
Prion
added 2020/03/24 10:15 p.m.12 views

Input validation

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...

4.6CVSS7.7AI score0.00566EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/24 9:4 p.m.29 views

CVE-2019-4001

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...

7.8AI score0.00566EPSS
Exploits1References1
CVE
CVE
added 2020/03/24 9:4 p.m.50 views

CVE-2019-4001

CVE-2019-4001 affects Druva inSync Client 6.5.0. The issue is an improper input validation vulnerability that allows a local, authenticated attacker to execute arbitrary NodeJS code. Root cause and detailed exploit steps are not provided in the connected documents. The CVSS metrics indicate a loc...

7.8CVSS7.7AI score0.00566EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2020/02/26 12:0 a.m.3 views

Druva inSync Mac OS Client Code Instruction Improper Neutralization Vulnerability

Druva inSync Client is a lightweight application for managing data backups and allowing collaboration with other users.Druva inSync Mac OS Client is the Mac OS version. Druva inSync Mac OS Client 6.5.0 suffers from an improperly neutralized instruction vulnerability in dynamic evaluation code. A...

7.8CVSS7.2AI score0.00733EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/26 12:0 a.m.4 views

Druva inSync Windows Client Arbitrary OS Command Execution Vulnerability

Druva inSync Client is a lightweight application that manages data backups and allows collaboration with other users.Druva inSync Windows Client is for Windows. An arbitrary operating system command execution vulnerability exists in Druva inSync Windows Client 6.5.0. The vulnerability stems from...

7.8CVSS7.8AI score0.08566EPSS
Exploits7References1
Rows per page
Query Builder