
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 6

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability.

• https://www.exploit-db.com/exploits/48505
• https://www.exploit-db.com/exploits/49211
• https://github.com/yevh/CVE-2020-5752-Druva-inSync-Windows-Client-6.6.3---Local-Privilege-Escalation-PowerShell-
• http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.html
• http://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.html
• https://www.tenable.com/security/research/tra-2020-34
• https://www.tenable.com/security&
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.

• https://www.tenable.com/security/research/tra-2020-12
• CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.

• https://www.tenable.com/security/research/tra-2020-12
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 4

Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.

• https://www.exploit-db.com/exploits/48400
• http://packetstormsecurity.com/files/157493/Druva-inSync-Windows-Client-6.5.2-Privilege-Escalation.html
• http://packetstormsecurity.com/files/157680/Druva-inSync-inSyncCPHwnet64.exe-RPC-Type-5-Privilege-Escalation.html
• https://www.tenable.com/security/research/tra-2020-12
• https://www.tenable.com/security/research/tra-2020-34
• https://github.com/tenable/poc/blob/master/druva/inSync/druva_win_cphwnet64.py
• https://www.matteomalvica.com/blog/2020/05/21/lpe-
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')