18 matches found
CVE-2020-37160
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain...
CVE-2023-4341
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...
EUVD-2023-54206
Malicious code in bioql PyPI...
Acronis Cyber Files Security Vulnerability
Acronis Cyber Files is a secure file synchronization and sharing solution from Acronis Switzerland. A security vulnerability exists in Acronis Cyber Files versions prior to 9.0.0x24 that stems from insecure folder permissions that result in local elevation of privileges...
Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation
Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...
TSPlus 16.0.0.0 Insecure Permissions
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...
Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions
Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Vulnerability
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v. 16.0.0.0 you can crea...
CVE-2023-4341
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...
CVE-2023-4341
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...
Privilege escalation
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...
CVE-2023-4341 Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...
PT-2023-28820 · Broadcom · Broadcom Raid Controller
Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The issue is related to the creation of insecure folders by the Web GUI, which can lead to privilege escalation to root. Recommendations: At the moment, there is no...
CVE-2022-33877
An incorrect default permission (CWE-276) vulnerability in FortiClient Windows versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter Windows versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the...
OpenClinic GA 5.194.18 Privilege Escalation
Exploit Title: OpenClinic GA 5.194.18 - Local Privilege Escalation Date: 2021-07-24 Author: Alessandro Salzano Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Homepage: https://sourceforge.net/projects/open-clinic/ Software Link:...
OpenClinic GA 5.194.18 - Local Privilege Escalation Vulnerability
Exploit Title: OpenClinic GA 5.194.18 - Local Privilege Escalation Author: Alessandro Salzano Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Homepage: https://sourceforge.net/projects/open-clinic/ Software Link:...
Information disclosure
Under certain conditions, SAP Business One Chef cookbook, versions 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to...
Design/Logic Flaw
The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zcinstall folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and conduct other attacks via a direct request, different...