35 matches found
EUVD-2016-10821
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the...
CVE-2016-20033 Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the...
EUVD-2025-206271
Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different...
CVE-2023-31468
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 Runtime RT7.3 RC3 20221209.5. The "%PROGRAMFILESX86%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version...
CVE-2021-28271
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to replace the executable file with a binary of their choice. The vulnerability is due to improper permissions with the 'F' flag Full for 'Everyone' and 'Authenticated...
Palantir Gotham and Palantir Dossier Security Vulnerability
Palantir Gotham and Palantir Dossier are both products of Palantir Corporation, a U.S.-based company. Palantir Gotham is a commercially available, artificial intelligence-enabled operating system. Palantir Dossier is a writing survey and dynamic reporting tool. A security vulnerability exists in...
CVE-2025-66266
CVE-2025-66266 concerns the RupsMon.exe service executable in UPSilon 2000. The vulnerability stems from insecure permissions that grant the Everyone group Full Control, enabling a local attacker to replace the binary with a malicious one to execute code with SYSTEM privileges or to alter the ser...
EUVD-2025-199688
The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...
PT-2024-17791 · Evoko · Evoko Home
Name of the Vulnerable Software and Affected Versions: Evoko Home versions 2.4.2 through 2.7.4 Description: The issue is related to incorrect default permissions in Evoko Home, allowing a non-admin user to exploit weak file and folder permissions and potentially escalate privileges, execute...
CVE-2024-11969
The NetCloud Exchange client for Windows v1.110.50 has an insecure file/folder permissions issue that grants full control to the Everyone group, enabling a local non-admin user to escalate privileges, potentially execute arbitrary code, and maintain persistence. No explicit remediation version is...
CVE-2024-11969 Incorrect default permissions in Cradlepoint NetCloud Exchange
The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal non-admin user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised...
PT-2024-17372 · Unknown · Netcloud Exchange Client For Windows
Name of the Vulnerable Software and Affected Versions: NetCloud Exchange client for Windows version 1.110.50 Description: The NetCloud Exchange client for Windows contains an insecure file and folder permissions vulnerability. A normal user could exploit the weakness in file and folder permission...
PT-2023-23130 · Tsplus · Tsplus Remote Access
Name of the Vulnerable Software and Affected Versions: TSplus Remote Access versions through 16.0.2.14 Description: An issue was discovered in TSplus Remote Access where some directories under %PROGRAMFILESX86%\TSplus\Clients\www have Full Control permissions for Everyone. Recommendations: For...
PT-2022-23177 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 22.2.0 Description: GoCD is a continuous delivery server. The issue arises from inadequate permission restrictions during Windows installations of GoCD server or agent installers outside of the default location. This...
Privilege escalation
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exists due to the improper permissions, with the 'F' flag...
Soyal Technologies SOYAL 701Server Security Vulnerability
SOYAL Soyal Technology 701Server is a hardware device from China's Maosu Information SOYAL. A toilet alarm. A security vulnerability exists in Soyal Technologies SOYAL 701Server 9.0.1, which is caused by improper privileges to the "Everyone" and "Authenticated Users" groups using the "F The...
CVE-2021-28098
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes log entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions...
Kepware LinkMaster Service privilege escalation vulnerability
Talos Vulnerability Report TALOS-2020-1147 Kepware LinkMaster Service privilege escalation vulnerability December 16, 2020 CVE Number CVE-2020-13535 Summary A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite...
Guild Wars 2 - Insecure Folder Permissions Vulnerability
Exploit Title: Guild Wars 2 - Insecure Folder Permissions Exploit Author: George Tsimpidas Software Link : https://account.arena.net/welcome Version Build : 106915 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability Description: Guild Wars 2 Launcher...
Design/Logic Flaw
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. T...