top of page

Rahim

Herkese Açık·8 İnsanlar

CVE-2019-3999 (insync Client)


The inSync Electron application is configured in such a way that a malicious local user can execute arbitrary NodeJS code in the context of theinSync client process. An attacker can accomplish this by launching inSync with a URL parameter pointing to an attacker-controlled HTML file containingNodeJS code.




CVE-2019-3999 (insync client)


Download Zip: https://www.google.com/url?q=https%3A%2F%2Ftweeat.com%2F2u3PdV&sa=D&sntz=1&usg=AOvVaw0PKbGMSogUx-wVS4sQ2Wom



Druva inSync client for Windows exposes a network service onTCP port 6064 on the local network interface. inSyncversions 6.6.3 and prior do not properly validateuser-supplied program paths in RPC type 5 messages, allowingexecution of arbitrary commands as SYSTEM. This module hasbeen tested successfully on inSync versions 6.5.2r99097 and6.6.3r102156 on Windows 7 SP1 (x64).


Druva inSync client for Windows exposes a network service on TCPport 6064 on the local network interface. inSync versions 6.6.3and prior do not properly validate user-supplied program pathsin RPC type 5 messages, allowing execution of arbitrary commandsas SYSTEM.


Hakkında

Şefkatle bağlantı meskeni olan bu gruba hoşgeldin. Burada gö...
bottom of page