CVE-2021-34422 Path traversal of file names in Keybase Client for Windows
The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application whi...
openSUSE Security Update : virtualbox (openSUSE-2021-165)
This update for virtualbox fixes the following issues : Version update to 6.1.18 released January 19 2021 This is a maintenance release. The following items were fixed and/or added : - Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts bug 19315, 19561...
Security update for virtualbox (important)
openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2021:0165-1 Rating: important References: 1181197 1181198 Cross-References: CVE-2021-2074 CVE-2021-2129 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Descriptio...
Event 55 when you copy an encrypted folder to EFS shared folder in Windows
Symptoms: Assume that you enable Encryption File System (EFS) on a shared folder on a computer that is running Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7 Service Pack 1 (SP1), Windows Server...
RICOH SP C250DN Trust Management Issues Vulnerability
The RICOH SP C250DN is a printer from the Japanese company Ricoh (RICOH). A security vulnerability exists in the Ricoh SP C250DN version 1.05, which originates from the presence of hard-coded FTP service credentials in the printer firmware. The vulnerability can be exploited by an attacker to acces...
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1321)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-5195
Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folderup.png IMG element not properly sanitizing user-inserted directory...
openSUSE Security Update : virtualbox (openSUSE-2019-1547)
This update for virtualbox to version 5.2.24 fixes the following issues : Multiple security issues fixed : CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511,...
January 15, 2019—KB4480967 (OS Build 16299.936)
Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in Microsoft Edge that fails to trigger the focusin event if the focus even...
TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2018-26657)
TerraMaster TOS is a Linux-based operating system for storage servers developed by TerraMaster. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...
CVE-2018-13335
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions...
DEBIAN-CVE-2017-7471
Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System 9pfs support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system...
Input validation
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host...
CVE-2016-9602
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host...
Windows NTLM Auth Hash Disclosure / Denial Of Service Vulnerabilities
Under certain circumstances a shared folder on Windows can be abused remotely to obtain the user credentials and to freeze the machine. Hello, I want to share some information with the people on the list. On May 24, I found a problem with NTLM auth on Windows. Under certain circumstances a shared...
Windows NTLM Auth Hash Disclosure / Denial Of Service
Hello, I want to share some information with the people on the list. On May 24, I found a problem with NTLM auth on Windows. Under certain circumstances a shared folder on Windows can be abused remotely to obtain the user credentials and to freeze the machine. This was already reported to MSRC on...
PT-2017-18855 · Owncloud · Owncloud Server
Name of the Vulnerable Software and Affected Versions: ownCloud Server versions prior to 10.0.2 Description: An attacker with normal user privileges can potentially delete shared folders in ownCloud Server. Recommendations: For versions prior to 10.0.2, update to version 10.0.2 or later to resolv...
ownCloud Remote Elevation of Privilege Vulnerability
ownCloud is a free and open source personal cloud storage solution from the German company ownCloud, which provides file management, music storage, calendaring and other features. ownCloud server is a server version. There is a security vulnerability in ownCloud Server. An attacker can utilize th...
Parallels Desktop - Virtual Machine Escape
Parallels Desktop - Virtual Machine Escape + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...
Parallels Desktop - Virtual Machine Escape Vulnerability
Exploit for windows platform in category local exploits + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Ma...