Lucene search
+L

25 matches found

packetstorm
packetstorm
added 2026/04/21 12:0 a.m.175 views

📄 Below Log File Symlink Privilege Escalation

This Metasploit module exploits a local privilege escalation vulnerability in the below utility when executed with sudo. This affects versions prior to 0.9.0. ================================================================================================================================== | Title...

6.8CVSS7.1AI score0.0036EPSS
Exploits23
githubexploit
githubexploit
added 2026/04/16 1:18 a.m.188 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 — Meta below Symlink Local Privilege Escalati...

6.8CVSS7.2AI score0.0036EPSS
Exploits23
circl
circl
added 2026/03/12 1:30 a.m.8 views

CVE-2026-27591

creationtimestamp| type| source ---|---|--- 2026-03-12 01:30:39+00:00| seen| https://infosec.exchange/users/offseq/statuses/116213614461031957 2026-03-12 12:48:45+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mgugq5rnq32h 2026-03-12 23:01:22+00:00| seen|...

9.9CVSS5.7AI score0.00486EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/09 9:21 a.m.9 views

CVE-2021-27591

When a user opens manipulated Portable Document Format .PDF format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...

7.8CVSS6.8AI score0.01242EPSS
Exploits0References1
githubexploit
githubexploit
added 2025/08/16 11:54 a.m.133 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 Below v0.9.0 PoC Privilege Escalation Expl...

6.8CVSS8.7AI score0.0036EPSS
Exploits23
githubexploit
githubexploit
added 2025/07/19 10:17 p.m.124 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...

6.8CVSS8AI score0.0036EPSS
Exploits23
githubexploit
githubexploit
added 2025/07/19 10:17 p.m.850 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...

6.8CVSS8AI score0.0036EPSS
Exploits23
githubexploit
githubexploit
added 2025/07/16 10:31 p.m.322 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

Proof-Of-Concept Usage 1. build bash go build -o poc e...

6.8CVSS7.5AI score0.0036EPSS
Exploits23
githubexploit
githubexploit
added 2025/07/15 5:48 a.m.394 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 - Privilege Escalation via Writable Symlink in...

6.8CVSS7.7AI score0.0036EPSS
Exploits23
githubexploit
githubexploit
added 2025/07/12 10:50 p.m.747 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

Below - Local Privilege Escalation CVE-2025-27591 B...

6.8CVSS7.8AI score0.0036EPSS
Exploits23
githubexploit
githubexploit
added 2025/07/12 9:17 p.m.1060 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 - Privilege Escalation via below This reposi...

6.8CVSS7.7AI score0.0036EPSS
Exploits23
circl
circl
added 2025/03/11 9:48 p.m.14 views

CVE-2025-27591

creationtimestamp| type| source ---|---|--- 2025-03-11 21:48:55+00:00| seen| https://t.me/cvedetector/20126 2025-03-12 12:00:41+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lk6ju6fw642e 2025-03-12 12:09:31+00:00| seen|...

6.8CVSS7.2AI score0.0036EPSS
Exploits23References21
cvelist
cvelist
added 2025/03/11 6:29 p.m.18 views

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...

0.0036EPSS
Exploits23References2
vulnrichment
vulnrichment
added 2025/03/11 6:29 p.m.5 views

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...

7.3AI score0.0036EPSS
Exploits23References2
osv
osv
added 2025/03/11 6:29 p.m.8 views

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...

6.8CVSS7AI score0.0036EPSS
Exploits23References5
circl
circl
added 2023/03/17 11:31 p.m.7 views

CVE-2023-27591

creationtimestamp| type| source ---|---|--- 2023-03-17 23:31:47+00:00| seen| https://t.me/cibsecurity/60273...

7.5CVSS7.3AI score0.00755EPSS
Exploits0References1
nvd
nvd
added 2023/03/17 8:15 p.m.29 views

CVE-2023-27591

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...

7.5CVSS7.6AI score0.00755EPSS
Exploits0References4
cvelist
cvelist
added 2023/03/17 7:4 p.m.44 views

CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...

7.5CVSS7.8AI score0.00755EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2023/03/17 7:4 p.m.8 views

CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...

7.5CVSS7.6AI score0.00755EPSS
Exploits0References4
cve
cve
added 2023/03/17 7:4 p.m.84 views

CVE-2023-27591

CVE-2023-27591 affects Miniflux prior to v2.0.43. An unauthenticated user could retrieve Prometheus metrics from a publicly reachable Miniflux instance when the metrics collector is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (default). A patch is available in Miniflux v2.0.43. Wor...

7.5CVSS7.6AI score0.00755EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder