98 matches found
CVE-2020-11707
An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...
Design/Logic Flaw
An issue was discovered in ProVide formerly zFTPServer through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user non-admin can craft a Junction Link in a directory he has full control of, breaking out of the sandbox...
CVE-2020-11707
CVE-2020-11707 affects ProVide (formerly zFTPServer) up to version 13.1. The issue is that Windows Symlinks/Junctions permissions are not enforced, allowing a low-privilege user who has directory control to craft a Junction Link and break out of the sandbox. Exploitation details and impact are de...
CVE-2020-0858
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from...
CVE-2020-0854
An elevation of privilege vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'...
CVE-2020-0858
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate...
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. To exploit this vulnerability, an attacker would first hav...
CVE-2020-0733
An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool MSRT improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Malicious Software Removal Tool Elevation of Privilege...
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Malicious Software Removal Tool MSRT improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to...
CVE-2020-8095
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device...
Design/Logic Flaw
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device...
CVE-2020-8095
CVE-2020-8095 affects Bitdefender Total Security 2020, where the vulnerability lies in the incorrect handling of junctions. A local attacker with low privileges can exploit the flaw by creating a junction, abusing the service to delete arbitrary files, and causing a denial-of-service condition on...
Trend Micro Maximum Security Link Resolution Information Disclosure And Denial-of-Service Vulnerability
This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
Privilege escalation
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...
CVE-2019-1303
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from...
Privilege escalation
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from...
CVE-2019-1253
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from...
CVE-2019-1303
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from...