EUVD-2016-10805

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

CVE-2016-20025 ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

CVE-2016-20024

The CVE-2016-20024 issue affects ZKTeco ZKTime.Net product lines, notably 3.0.1.6 (and related versions 3.0.1.5/3.0.1.1 per sources). The root cause is insecure file permissions: world-writable rights on the ZKTimeNet3.0 directory and its contents allow unprivileged users to replace executable fi...

CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

Wondershare MobileGo 安全漏洞

Wondershare MobileGo is a multi-functional mobile device management software developed by Wondershare Technology. The version 8.5.0 of Wondershare MobileGo contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow local users to replace executable...

CVE-2022-50931

TeamSpeak 3.5.6 has an insecure file permissions vulnerability allowing local attackers to replace system executables (e.g., ts3client_win32.exe) with malicious binaries, potentially yielding SYSTEM/Administrator privileges. Documented CVSS: LOCAL, HIGH impact (C/H/I/A). Exploit details are repor...

CVE-2022-50931 TeamSpeak 3.5.6 - Insecure File Permissions

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3clientwin32.exe with custom files to potentially gain SYSTEM or Administrator-level access...

PT-2026-2407

Name of the Vulnerable Software and Affected Versions TeamSpeak version 3.5.6 Description TeamSpeak 3.5.6 has a file permissions issue that allows local attackers to replace executable files with malicious binaries. An attacker can replace system executables, such as ts3client win32.exe, with...

CVE-2020-36916

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system...

EUVD-2025-27593

Malicious code in bioql PyPI...

PT-2024-20594 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: pkg affected versions not specified Description: The issue arises from the pkg tool writing native code packages to a hardcoded directory, specifically /tmp/pkg/ on Unix systems, which is a shared directory for all users on the same local...

Delta Electronics DIAEnergie 安全漏洞

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.An authorization...

CVE-2021-37364

OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would...

CVE-2016-10072

WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local...