EUVD-2022-48206

Malicious code in bioql PyPI...

EUVD-2022-48200

Malicious code in bioql PyPI...

CVE-2022-45307

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder...

CVE-2022-45301

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder...

Chocolatey Cmder has an unspecified vulnerability

Chocolatey Cmder is a package open sourced by Chocolatey. Chocolatey Cmder v1.3.20 and earlier versions contain a security vulnerability. An attacker could gain write access to the path C:\tools\Cmder and all files located in that folder for all users in the Authenticated Users group...

CVE-2022-45305

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder...

CVE-2022-45307

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder...

Privilege escalation

Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticat...

Battle.Net 安全漏洞

Battle.Net is Blizzard's multiplayer online gaming service for its games. Battle.Net suffers from a security vulnerability that stems from a weak permission setting granted to the "Authenticated Users Group" the authorization F flag aka "Full Control"...

CVE-2021-28269

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions...

CVE-2021-28269

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions...

Trojan.Win32.Delf.uq Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a4ea99b54e171274795f14a4ac7f17ba.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Delf.uq Vulnerability: Insecure Permissions EoP Description: Malware creates an...

Constructor.Win32.SMWG.c Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/47e819a6ce3d5e93819f4842cfbe23d6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Constructor.Win32.SMWG.c Vulnerability: Insecure Permissions Description: Description: SMWG - P2P...

CVE-2020-11613

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can...

CVE-2006-0023

Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the 1 Simple Service Discovery Protocol SSDP, 2...