CVE-2019-18368
https://notcve.org/view.php?id=CVE-2019-18368
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. En JetBrains Toolbox App versiones anteriores a 1.15.5666 para Windows, una escalada de privilegios era posible. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 •
CVE-2019-14959
https://notcve.org/view.php?id=CVE-2019-14959
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. JetBrains Toolbox versiones anteriores a 1.15.5605, estaba resolviendo una URL interna por medio de una conexión http de texto claro. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2019-12280
https://notcve.org/view.php?id=CVE-2019-12280
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. PC-Doctor Toolbox anterior a la versión 7.3 tiene un elemento path de búsqueda no controlada. • http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html http://seclists.org/fulldisclosure/2019/Jun/29 http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report http://www.securityfocus.com/bid/108880 https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software https://seclists.org/fulldisclosure/2019/Jun/29 https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist • CWE-427: Uncontrolled Search Path Element •
CVE-2007-6139 – Mp3 ToolBox 1.0 Beta 5 - 'skin_file' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-6139
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Mp3 ToolBox 1.0 beta 5 permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro skin_file. • https://www.exploit-db.com/exploits/4650 http://www.securityfocus.com/archive/1/484121/100/0/threaded http://www.vupen.com/english/advisories/2007/3997 https://exchange.xforce.ibmcloud.com/vulnerabilities/38598 • CWE-94: Improper Control of Generation of Code ('Code Injection') •