UBUNTU-CVE-2023-2861

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

GHSA-H5G9-2P35-54C7 nilsteampassnet/teampass vulnerable to cross-site scripting

Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. This enables an attacker to inject malicious code into a shared folder, which can then be executed by other users who have access to the folder...

nilsteampassnet/teampass vulnerable to cross-site scripting

Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. This enables an attacker to inject malicious code into a shared folder, which can then be executed by other users who have access to the folder...

PT-2023-20355 · Teampass · Teampass

Name of the Vulnerable Software and Affected Versions: teampass versions prior to 3.0.7 Description: The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. In the GitHub repository nilsteampassnet/teampass, if two users have the sa...

Stored XSS on items in Folder

Description first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert. To confirm the success of...

Apple iOS 和 iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and iPadOS, which originates from a file from the iCloud Shared by Me folder...

SUSE CVE-2017-3290

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wher...

SUSE CVE-2017-3538

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

SUSE CVE-2017-3587

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Shared Folder. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle V...

SUSE CVE-2017-7471

Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System 9pfs support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system...

CVE-2022-22962

VMware Horizon Agent for Linux prior to 22.x contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file...

CVE-2022-22962

VMware Horizon Agent for Linux prior to 22.x contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file...

VMware Horizon 后置链接漏洞

VMware Horizon is a suite of foundation platforms for virtual desktops and applications from VMware. The product supports end users in accessing all their virtual desktops, applications and online services through a digital workspace. The VMware Horizon Client suffers from a backlink vulnerabilit...

CVE-2021-26620

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...

Authentication flaw

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...

CVE-2021-26620 IPTIME NAS2dual improper authentication vulnerability

An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing user’s...

CVE-2021-26620

The CVE-2021-26620 entry describes an improper authentication vulnerability in iptime NAS2dual. The issue allows remote attackers to access a shared folder and alter a user’s password due to insufficient authentication, enabling potential information leakage. Reported impacts include exposure of ...

EFM ipTIME C200 IP Camera 授权问题漏洞

EFM ipTIME C200 IP Camera is a hardware device from EFM Korea. It provides a camera device for surveillance. A security vulnerability exists in the EFM ipTIME C200 IP Camera that stems from a problem with shared folder authentication. A remote attacker can exploit the vulnerability by using...

Keybase path traversal vulnerability

Keybase is a PGP technology-based social networking platform that supports end-to-end encryption.Keybase Client for Windows prior to version 5.7.0 is vulnerable to a path traversal vulnerability that stems from a networked system or product failing to properly filter special elements in a resourc...

CVE-2021-34422

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application whi...