97 matches found
CVE-2025-10549
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...
EUVD-2026-23793
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
SKYSEA Client View and SKYMEC IT Manager improper file access permission settings
Overview SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability. Incorrect default permissions in the installation folder CWE-276 - CVE-2026-39454 Takashi Matsumoto of...
PT-2026-33731
Name of the Vulnerable Software and Affected Versions SKYSEA Client View affected versions not specified SKYMEC IT Manager affected versions not specified Description Improper file access permission settings in the installation folder allow a non-administrative user to manipulate or place arbitra...
RATOC RAID Monitoring Manager for Windows 安全漏洞
RATOC RAID Monitoring Manager for Windows is a software developed by RATOC RAID in Japan, designed for monitoring and managing the RAID hard drive boxes it supports. RATOC RAID Monitoring Manager for Windows has a security vulnerability; this vulnerability stems from the installation program’s...
CVE-2025-13905
CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart...
CVE-2025-13905
CVE-2025-13905 maps to Schneider Electric EcoStruxure Process Expert (for AVEVA System Platform) with versions prior to 2025 affected. The issue is CWE-276: Incorrect Default Permissions, enabling privilege escalation via a reverse shell when one or more executable service binaries are modified i...
EUVD-2025-206546
CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart...
CVE-2025-11567
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured...
EUVD-2025-131908
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured...
CVE-2025-11567
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured...
CVE-2025-11567
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured...
CVE-2025-11567
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured...
CVE-2025-11567
CVE-2025-11567 affects Schneider Electric PowerChute Serial Shutdown. The connected Nessus entry states an elevation of privilege vulnerability due to improper access control in Azure Monitor Agent, exploitable by a locally authenticated attacker on affected systems running PowerChute Serial Shut...
Schneider Electric PowerChute Serial Shutdown 安全漏洞
Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown, and energy management software from Schneider Electric France. A security vulnerability exists in Schneider Electric PowerChute Serial Shutdown that stems from improperly set default permissions, which could resul...
PT-2025-46659
Name of the Vulnerable Software and Affected Versions affected versions not specified Description An issue exists related to incorrect default permissions that may lead to elevated system access. This occurs when the target installation folder is not adequately secured. Approximately 1000 devices...