11 matches found
EUVD-2020-17741
Malware in sbrugna...
Directus allows privilege escalation using Share feature
Summary: When sharing an item, a user can specify an arbitrary role. This allows the user to use a higher-privileged role to see fields that the user should otherwise not be able to see. Details: Specifying a role on share should be available only to admins. The current flow has a security flaw. Each other...
GHSA-PMF4-V838-29HG Directus allows privilege escalation using Share feature
Summary: When sharing an item, a user can specify an arbitrary role. This allows the user to use a higher-privileged role to see fields that the user should otherwise not be able to see. Details: Specifying a role on share should be available only to admins. The current flow has a security flaw. Each other...
CVE-2025-24353 Directus privilege escalation vulnerability using Share feature
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instanc...
CVE-2025-24353
Directus prior to version 11.2.0 is vulnerable to privilege escalation via the share feature. A user can specify an arbitrary role when sharing an item, enabling access to fields that should be restricted for their role. Affected instances are those using the share feature with a role hierarchy a...
LiquidFiles Cross-Site Scripting Vulnerability
LiquidFiles is a virtual appliance that helps companies and organizations send, receive and share large files quickly and securely. A cross-site scripting vulnerability exists in the "Share" feature of LiquidFiles prior to version 3.3.19, which can be exploited by an attacker to execute commands ...
Huawei P30 Input Validation Error Vulnerability
Huawei P30 is a smartphone from Chinese company Huawei. An input validation error vulnerability exists in the Share feature in Huawei P30 version 9.1.0.193 C00E190R2P1. An attacker can exploit this vulnerability to cause the feature to be disabled by sending a specially crafted message to ...
Huawei P30 Access Control Error Vulnerability
Huawei P30 is a smartphone from Chinese company Huawei. An access control error vulnerability exists in the Share feature in Huawei P30 version 9.1.0.193 C00E190R2P1. An attacker can exploit the vulnerability to steal information from a P2P network by emulating a sender...
OwnCloud 8.1.8 Username Disclosure
OwnCloud version 8.1.8 stable is vulnerable to recovery of the full username login list. PoC: 1. Create an account in OwnCloud 2. Intercept connection with Burp 3. Share a file, typing anything 4. Burp will capture this request GET...
Huawei Mate 20 X path traversal vulnerability
Huawei Mate 20 X is a smartphone from Chinese company Huawei. A path traversal vulnerability exists in the Share feature in Huawei Mate 20 X. The vulnerability stems from the failure of the software to properly verify the path of the transferred file during a transfer using Huawei Share. A...