top of page

Gearfox Studios Group

Public·312 members

CVE-2019-3999 (insync Client) Fixed


The inSync Electron application is configured in such a way that a malicious local user can execute arbitrary NodeJS code in the context of theinSync client process. An attacker can accomplish this by launching inSync with a URL parameter pointing to an attacker-controlled HTML file containingNodeJS code.




CVE-2019-3999 (insync client)


DOWNLOAD: https://www.google.com/url?q=https%3A%2F%2Furluso.com%2F2tOuDe&sa=D&sntz=1&usg=AOvVaw1mbR-SbSZXO7F82YSvmztU



Druva inSync client for Windows exposes a network service onTCP port 6064 on the local network interface. inSyncversions 6.6.3 and prior do not properly validateuser-supplied program paths in RPC type 5 messages, allowingexecution of arbitrary commands as SYSTEM. This module hasbeen tested successfully on inSync versions 6.5.2r99097 and6.6.3r102156 on Windows 7 SP1 (x64).


Druva inSync client for Windows exposes a network service on TCPport 6064 on the local network interface. inSync versions 6.6.3and prior do not properly validate user-supplied program pathsin RPC type 5 messages, allowing execution of arbitrary commandsas SYSTEM. 350c69d7ab


About

Welcome to the group! You can connect with other members, ge...
Group Page: Groups_SingleGroup
bottom of page