2 results (0.038 seconds)

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 1

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. BASupSrvcUpdater.exe en N-able Take Control Agent hasta 7.0.41.1141 anterior a 7.0.43 tiene una Condición de Ejecución TOCTOU a través de un pseudoenlace simbólico en %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, lo que lleva a la eliminación arbitraria de archivos. • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0011.md • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo Take Control v6.x-2.x antes de v6.x-2.2 para Drupal, permite a atacantes remotos secuestrar la autenticación de usuarios no especificados en peticiones AJAX que manipulan ficheros. • http://drupal.org/node/1243604 http://drupal.org/node/1569512 http://secunia.com/advisories/49060 http://www.openwall.com/lists/oss-security/2012/05/10/6 http://www.openwall.com/lists/oss-security/2012/05/11/2 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.openwall.com/lists/oss-security/2012/06/15/6 http://www.securityfocus.com/bid/53452 https://exchange.xforce.ibmcloud.com/vulnerabilities/75504 • CWE-352: Cross-Site Request Forgery (CSRF) •