44 matches found
EUVD-2019-7408
Malware in sbrugna...
EUVD-2013-3431
Malware in sbrugna...
EUVD-2024-52854
Malicious code in bioql PyPI...
CVE-2025-53947
A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content...
Xerox Workplace Suite 安全漏洞
Xerox Workplace Suite is a powerful print management software from Xerox. A security vulnerability exists in Xerox Workplace Suite version 5.6.701.9, which originates from weak default folder permissions...
PT-2025-3158
Name of the Vulnerable Software and Affected Versions Xerox Workplace Suite versions prior to 5.6.701.9 Description The issue concerns weak default folder permissions in the software, allowing unauthorized users to access, modify, or delete files. There is no information provided about the...
CVE-2024-42050
The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProviderInst.reg...
CVE-2024-25958
Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of...
PT-2024-21242 · Dell · Dell Grab For Windows
Name of the Vulnerable Software and Affected Versions: Dell Grab for Windows versions up to and including 5.0.4 Description: The issue allows a local authenticated attacker to potentially exploit Weak Application Folder Permissions, leading to privilege escalation, unauthorized access to...
CVE-2023-25648
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges...
PT-2023-20208 · Zxcloud · Zxcloud Irai
Name of the Vulnerable Software and Affected Versions: ZXCLOUD iRAI affected versions not specified Description: The issue is related to weak folder permissions in the ZXCLOUD iRAI product, allowing an attacker with ordinary user privileges to construct a fake DLL to execute commands and escalate...
PT-2023-23346 · Inosoft Gmbh · Inosoft Visiwin
Name of the Vulnerable Software and Affected Versions: Inosoft VisiWin versions 7 through 2022-2.1 Description: An issue was discovered in the "%PROGRAMFILESX86%INOSOFT GmbH" folder, which has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM...
CVE-2021-23022
CVE-2021-23022 affects the BIG-IP Edge Client for Windows: the Windows Installer Service temporary folder has weak permissions, enabling local privilege escalation. Affected versions are 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1; non-vulnerable/End of Technical Support versions are...
CVE-2020-15351
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILESX86%\IDriveWindows with weak folder permissions granting any user modify permission i.e., NT AUTHORITY\Authenticated Users:OICIM to the contents of the directory and its sub-folders. In addition, the program installs a service...
CVE-2020-15351
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILESX86%\IDriveWindows with weak folder permissions granting any user modify permission i.e., NT AUTHORITY\Authenticated Users:OICIM to the contents of the directory and its sub-folders. In addition, the program installs a service...
Design/Logic Flaw
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILESX86%\IDriveWindows with weak folder permissions granting any user modify permission i.e., NT AUTHORITY\Authenticated Users:OICIM to the contents of the directory and its sub-folders. In addition, the program installs a service...
CVE-2020-15351
IDrive prior to 6.7.3.19 on Windows installs to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions (Authenticated Users: modify) and runs a LocalSystem service (IDriveService). This enables a local user to escalate to SYSTEM by replacing the service binary with a malicious one. Affect...
CVE-2019-16913
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILESX86%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: F" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as...
Default credentials
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILESX86%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: F" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as...
CVE-2019-16913
PC Protect Antivirus (v4.14.31) is installed to %PROGRAMFILES(X86)%\PCProtect with overly permissive folder ACLs (Everyone: (F)). The component also creates a service (SecurityService) that runs as LocalSystem. This combination enables privilege escalation to NT AUTHORITY\SYSTEM by replacing the ...