Lucene search
K

182 matches found

Vulnrichment
Vulnrichment
added 2025/11/26 1:16 a.m.3 views

CVE-2025-66266 Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

9.3CVSS7.5AI score0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/26 1:16 a.m.12 views

CVE-2025-66266 Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

9.3CVSS0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.5 views

PT-2025-48122

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

9.3CVSS7.8AI score0.0012EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/12 12:20 a.m.17 views

CVE-2025-57392

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILEALLACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon...

7.8CVSS7.8AI score0.00181EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.16 views

CVE-2023-26918

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:F access...

9.8CVSS7.1AI score0.06051EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2024/12/23 12:0 a.m.7 views

PT-2024-17791 · Evoko · Evoko Home

Name of the Vulnerable Software and Affected Versions: Evoko Home versions 2.4.2 through 2.7.4 Description: The issue is related to incorrect default permissions in Evoko Home, allowing a non-admin user to exploit weak file and folder permissions and potentially escalate privileges, execute...

7.8CVSS7.5AI score0.00199EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/11/28 3:41 p.m.17 views

CVE-2024-11969 Incorrect default permissions in Cradlepoint NetCloud Exchange

The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal non-admin user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised...

8.8CVSS0.00163EPSS
Exploits0References1
CVE
CVE
added 2024/11/28 3:41 p.m.50 views

CVE-2024-11969

The NetCloud Exchange client for Windows v1.110.50 has an insecure file/folder permissions issue that grants full control to the Everyone group, enabling a local non-admin user to escalate privileges, potentially execute arbitrary code, and maintain persistence. No explicit remediation version is...

8.8CVSS8.9AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/28 12:0 a.m.5 views

PT-2024-17372 · Unknown · Netcloud Exchange Client For Windows

Name of the Vulnerable Software and Affected Versions: NetCloud Exchange client for Windows version 1.110.50 Description: The NetCloud Exchange client for Windows contains an insecure file and folder permissions vulnerability. A normal user could exploit the weakness in file and folder permission...

8.8CVSS7.6AI score0.00163EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/06/24 8:50 a.m.12 views

CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File

The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...

7.1AI score0.0031EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/06/24 8:50 a.m.52 views

CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File

The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...

0.0031EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/06/24 12:0 a.m.7 views

PT-2024-27029 · Faronics · Winselect

Name of the Vulnerable Software and Affected Versions: Faronics WINSelect Standard + Enterprise affected versions not specified Description: The application saves its configuration in an encrypted file on the file system, which "Everyone" has read and write access to. The paths to the configurati...

7.7CVSS6.8AI score0.0031EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/04/30 12:0 a.m.10 views

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

7AI score0.00701EPSS
Exploits1References4
CVE
CVE
added 2024/04/30 12:0 a.m.49 views

CVE-2023-50914

CVE-2023-50914 is a local privilege escalation in GOG Galaxy (Beta) IPC between GalaxyClient.exe and GalaxyClientService.exe. From 2.0.67.2 through 2.0.71.2, an authenticated user can forge IPC packets via FixDirectoryPrivileges, altering the DACL of arbitrary system directories to grant Everyone...

6.7CVSS6.9AI score0.00701EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/03/30 12:0 a.m.5 views

LoLLMs 安全漏洞

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.1 that stems from allowing everyone to access the cors configuration...

8.8CVSS8.7AI score0.00445EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.7 views

PT-2024-17934

Name of the Vulnerable Software and Affected Versions kinto-attachment versions prior to 6.4.0 Description The issue allows an attachment file of an existing record to be replaced if a user has read permission on one of the parent collections or buckets. Furthermore, if the read permission is...

8.6CVSS5.9AI score0.00702EPSS
Exploits0References9
Packet Storm
Packet Storm
added 2024/01/10 12:0 a.m.232 views

Backdoor.Win32 Carbanak (Anunak) MVID-2024-0667 Named Pipe NULL DACL

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32 Carbanak Anunak Vulnerability: Named Pipe Null DACL Family: Carbanak Type:...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/09/11 7:15 p.m.4 views

CVE-2023-31468

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 Runtime RT7.3 RC3 20221209.5. The "%PROGRAMFILESX86%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version...

7.8CVSS7.1AI score0.00823EPSS
Exploits4References8
OSV
OSV
added 2023/09/11 7:15 p.m.4 views

CVE-2023-31468

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 Runtime RT7.3 RC3 20221209.5. The "%PROGRAMFILESX86%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version...

7.8CVSS5.8AI score0.00823EPSS
Exploits4References7
OSV
OSV
added 2023/09/11 7:15 p.m.4 views

CVE-2023-31068

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILESX86%\TSplus\UserDesktop\themes...

9.8CVSS5.8AI score0.02849EPSS
Exploits3References2
Rows per page
Query Builder