18 matches found

RedhatCVE
added 2026/05/04 8:21 p.m. | 4 views

CVE-2026-5337

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...

CVSS 6.5 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:17 a.m. | 4 views

CVE-2022-45473

In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666...

CVSS 5.5 | AI score 6.9 | EPSS 0.00049
Exploits: 1 | References: 1

AlpineLinux
added 2023/08/30 9:7 p.m. | 24 views

CVE-2023-41040

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the .git...

CVSS 6.5 | AI score 6 | EPSS 0.0036
Exploits: 1

Cvelist
added 2023/06/01 12:0 a.m. | 17 views

CVE-2023-27639

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter filename in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to...

AI score 7.7 | EPSS 0.85663
Exploits: 1 | References: 1

Amazon
added 2023/04/05 12:0 a.m. | 2 views

Medium: docker

Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...

CVSS 6.3 | AI score 6.8 | EPSS 0.00039
Exploits: 1

Vulnrichment
added 2022/12/09 10:16 p.m. | 6 views

CVE-2022-23497 Insecure file access in FreshRSS

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (bcrypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a...

CVSS 6.5 | AI score 7.7 | EPSS 0.00396
Exploits: 0 | References: 3

ATTACKERKB
added 2022/08/16 1:15 p.m. | 1 views

CVE-2022-30264

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the...

CVSS 9.8 | AI score 7.4 | EPSS 0.00125
Exploits: 0 | References: 3

OSV
added 2021/04/14 5:15 p.m. | 3 views

CVE-2021-28825

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker wit...

CVSS 7.8 | AI score 5.7
Exploits: 0 | References: 2

OSV
added 2021/04/14 5:15 p.m. | 4 views

CVE-2021-28826

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker...

CVSS 7.8 | AI score 5.7 | EPSS 0.00029
Exploits: 0 | References: 2

OSV
added 2021/03/23 9:15 p.m. | 3 views

CVE-2021-28819

The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating...

CVSS 7.8 | AI score 7.2
Exploits: 0 | References: 1

OSV
added 2019/12/20 10:15 p.m. | 3 views

CVE-2019-19231

An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges...

CVSS 7.8 | AI score 7.1 | EPSS 0.00168
Exploits: 0 | References: 4

Cvelist
added 2019/12/20 9:8 p.m. | 12 views

CVE-2019-19231

An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges...

CVSS 7.3 | AI score 7.7 | EPSS 0.00168
Exploits: 0 | References: 4

securityvulns
added 2005/01/26 12:0 a.m. | 33 views

[SECURITY] [DSA 656-1] New vdr packages fix insecure file access

Debian Security Advisory DSA 656-1 [email protected] http://www.debian.org/security/ Martin Schulze January 25th, 2005 http://www.debian.org/security/faq ...

CVSS 5 | AI score 1.5 | EPSS 0.00732
Exploits: 0

Debian
added 2005/01/25 12:10 p.m. | 19 views

[SECURITY] [DSA 656-1] New vdr packages fix insecure file access

Debian Security Advisory DSA 656-1 [email protected] http://www.debian.org/security/ Martin Schulze January 25th, 2005 http://www.debian.org/security/faq ...

CVSS 5 | AI score 1.2 | EPSS 0.00732
Exploits: 0

Debian
added 2005/01/25 12:10 p.m. | 14 views

[SECURITY] [DSA 656-1] New vdr packages fix insecure file access

Debian Security Advisory DSA 656-1 [email protected] http://www.debian.org/security/ Martin Schulze January 25th, 2005 http://www.debian.org/security/faq ...

CVSS 5 | AI score 6.4 | EPSS 0.00732
Exploits: 0

security_vulns
added 2001/05/12 12:0 a.m. | 21 views

File locking and security

Topic: File locking and security; Author: 3APA3A; Affected software: Windows NT 4.0, Windows 2000 and may be another systems; Exploitable: Yes; Remotely exploitable: No; Category: Design flaw. Background: Application can lock the file after file description is open by application or in open call...

AI score 0.2
Exploits: 0

Packet Storm
added 1999/09/28 12:0 a.m. | 44 views

suse6.2pbpg.txt

Brock Tellier [email protected] Sent: Thursday, September 16, 1999 5:06 PM Subject: Two SuSE 6.2 local root exploits Greetings, /usr/bin/pb and /usr/bin/pg, suid root by default on SuSE 6.2, allow any user to read any file on the system as shown: susebox:/root ls -la /usr/bin/pb uname -rwsr-xr-...

Exploits: 0

Packet Storm
added 1999/09/19 12:0 a.m. | 28 views

Linux_suse_exploits.txt

Subject: Two SuSE 6.2 local root exploits To: [email protected] Greetings, /usr/bin/pb and /usr/bin/pg, suid root by default on SuSE 6.2, allow any user to read any file on the system as shown: susebox:/root ls -la /usr/bin/pb uname -rwsr-xr-x 1 root root 23544 Jul 22 20:07 /usr/bin/pb...

AI score 7.4
Exploits: 0