132 matches found
Insecure Access Control
overlayfs uses insecure access control. Insufficient permission checking when copying up files in an overlayfs. An attacker is able to exploit the vulnerability to obtain read access to files on the system. that they would not normally be permitted to access...
Insecure Access Control
github.com/hashicorp uses insecure access controls. Improper scheduling of the batch token expiration time allows the batch token leases to outlive their TTL Time-to-live...
Insecure Access Control
istio is vulnerable to insecure access control due to incorrect translation of DENY policy for TCP service...
Insecure Access Control
github.com/hashicorp/consul uses an insecure access control. The changes to legacy ACL tokens rules are not enforced as they are not being propagated to the secondary data center...
CVE-2020-11968
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...
solidflux.nl Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1136536 Security Researcher keritzy Helped patch 2027 vulnerabilities Received 5 Coordinated Disclosure badges Received 4 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting solidflux.nl website and it...
Avast Secure Browser Local Elevation of Privilege Vulnerability
Avast Secure Browser is a new browser built for privacy. A security vulnerability exists in Avast Secure Browser version 76.0.1659.101 that stems from an insecure ACL set by the AvastBrowserUpdate.exe file. The vulnerability can be exploited by creating a hard link named Update.ini in the...
PT-2020-9879 · Avast · Avast Secure Browser
Name of the Vulnerable Software and Affected Versions: Avast Secure Browser version 76.0.1659.101 Description: A Local Privilege Escalation issue was discovered due to an insecure ACL set by the AvastBrowserUpdate.exe when AvastSecureBrowser.exe checks for new updates. The elevated process cleans...
PT-2020-1416 · Oracle · X-Window-System +1
Name of the Vulnerable Software and Affected Versions: Oracle Solaris versions 10 and 11 Description: The issue is related to inadequate access control in the X Window System component of Oracle Solaris. It allows an attacker with low privileges and logon access to the infrastructure to compromis...
Design/Logic Flaw
OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks...
nidv.eu Improper Access Control vulnerability
Security Researcher geeknik Helped patch 8525 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting nidv.eu website and its users. Following coordinated and...
CVE-2019-13356
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL...
CVE-2019-13355
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable...
CVE-2019-13355
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable...
CVE-2019-13355
In Total Defense Anti-virus 9.0.0.773, an insecure access control weakness on the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows a local attacker to hijack dotnetproxy.exe, enabling privilege escalation when the ccSchedulerSVC service executes the file. The...
CVE-2019-13355
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable...
CVE-2019-13356
In Total Defense Anti-virus 9.0.0.773, an insecure access-control issue in the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows a local attacker to hijack bdcore.dll and escalate privileges when the AMRT service loads the DLL. The core issue is improper ac...
Information disclosure
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product...
CVE-2016-11007
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpiuserid for invoice retrieval...
CVE-2018-9853
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server...