Published: 31/05/2019 Updated: 11/05/2020

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 445

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Evernote 7.9 on macOS allows malicious users to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
evernote evernote 7.9

Exploit Title: Code execution via path traversal # Date: 17-04-2019 # Exploit Author: Dhiraj Mishra # Vendor Homepage: evernotecom/ # Software Link: evernotecom/download # Version: 79 # Tested on: macOS Mojave v10144 # CVE: CVE-2019-10038 # References: # nvdnistgov/vuln/detail/CVE-2019-10038 # wwwinputzeroio/ ...

Evernote version 49 suffers from a path traversal that can allow for code execution ...

CWE-22 https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html https://evernote.com/security/updates https://drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing https://nvd.nist.gov https://www.exploit-db.com/exploits/46724

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-10038

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect