
22 matches found

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2019-13483

Malware in sbrugna...

CVSS 6.1 · AI score 6.8 · EPSS 0.0055
Exploits: 1 · References: 9

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-52652

Malicious code in bioql PyPI...

CVSS 3.5 · AI score 6.6 · EPSS 0.00142
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:10 a.m. · 3 views

CVE-2024-54681

Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application...

CVSS 3.5 · AI score 6.9 · EPSS 0.00142
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:8 a.m. · 2 views

CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

CVSS 4.9 · AI score 6.7 · EPSS 0.00112
Exploits: 1 · References: 1

NVD
added 2025/01/17 5:15 p.m. · 8 views

CVE-2024-54681

Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application...

CVSS 3.5 · EPSS 0.00142
Exploits: 0 · References: 1

CVE
added 2025/01/17 4:46 p.m. · 37 views

CVE-2024-54681

CVE-2024-54681 affects Ossur Mobile Logic Application. Connected sources confirm the root cause is the presence of multiple bash files in the application’s private directory, which an attacker with full access on the mobile platform can use to compromise translations. Public mentions (e.g., Red H...

CVSS 3.5 · AI score 4.2 · EPSS 0.00142
Exploits: 0 · References: 1

OSV
added 2023/10/20 11:6 a.m. · 1 views

OESA-2023-1756 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB...

CVSS 9.8 · AI score 6.7 · EPSS 0.01941
Exploits: 1 · References: 5

OSV
added 2023/10/20 11:6 a.m. · 2 views

OESA-2023-1757 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB...

CVSS 9.8 · AI score 6.7 · EPSS 0.01941
Exploits: 1 · References: 5

Huntr
added 2023/09/22 5:2 a.m. · 16 views

Improper validation of intent data received in TextViewerActivity allows opening of arbitrary files in hamza417/inure

Description Tested on Build89 of the Inure application. It was discovered that the application had an exported activity .activities.association.TextViewerActivity which accepted intent data via the file scheme + text/ mime type and opened the associated files from provided URI data string. The...

CVSS 1.7 · AI score 7 · EPSS 0.00031
Exploits: 1 · References: 1

OSV
added 2023/06/25 3:15 a.m. · 1 views

CVE-2023-36612

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

CVSS 7.5 · AI score 5.9
Exploits: 0 · References: 1

Vulnrichment
added 2023/06/25 12:0 a.m. · 15 views

CVE-2023-36612

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

AI score 6.9 · EPSS 0.00291
Exploits: 1 · References: 1

Wordfence Blog
added 2023/06/21 5:15 p.m. · 15 views

Wordfence 7.10.0 Released!

Wordfence remains the number one security plugin of choice for website owners serious about protecting their investment and their customers. Our Threat Intelligence team and engineering team stay abreast of the newest threats and ensure that Wordfence is able to protect against them. But keeping ...

AI score 6.7
Exploits: 0

SUSE CVE
added 2023/02/15 5:53 a.m. · 3 views

SUSE CVE-2011-1835

The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps...

CVSS 4.4 · AI score 6.6 · EPSS 0.00059
Exploits: 0 · References: 5

RedhatCVE
added 2020/05/19 1:30 p.m. · 53 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

CVSS 3.3 · AI score 3 · EPSS 0.00037
Exploits: 0 · References: 3

UbuntuCve
added 2019/11/15 5:15 p.m. · 28 views

CVE-2011-2726

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied...

CVSS 7.5 · AI score 6.9 · EPSS 0.00397
Exploits: 0 · References: 2

Snyk
added 2019/04/24 9:29 p.m. · 1 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory. Remediation...

CVSS 7.5 · AI score 5.5 · EPSS 0.0057
Exploits: 1 · References: 2

Debian CVE
added 2019/04/24 8:2 p.m. · 15 views

CVE-2019-11502

snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory...

CVSS 7.5 · AI score 7.5 · EPSS 0.0057
Exploits: 1

OSV
added 2019/04/09 4:29 p.m. · 2 views

AZL-45057 CVE-2019-3870 affecting package samba for versions less than 4.18.3-1

A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner root only access. However in some...

CVSS 6.1 · AI score 6.6 · EPSS 0.0055
Exploits: 1 · References: 1

Positive Technologies
added 2019/04/08 12:0 a.m. · 4 views

PT-2019-4610 · Samba +1

Name of the Vulnerable Software and Affected Versions: Samba versions 4.9 through 4.9.5 Samba versions 4.10.0 through 4.10.1 Description: A vulnerability was found in Samba related to the creation of a new Samba AD DC. During this process, files are created in a private subdirectory of the instal...

CVSS 10 · AI score 6.5 · EPSS 0.9438
Exploits: 153 · References: 89

Prion
added 2017/11/08 5:29 a.m. · 16 views

Design/Logic Flaw

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

CVSS 4 · AI score 5.1 · EPSS 0.00112
Exploits: 1 · References: 1 · Affected Software: 1