46 matches found
CVE-2024-36587
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allow non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy...
CVE-2024-36586
AdGuardHome is affected by a privilege escalation vulnerability (CVE-2024-36586) affecting v0.93 to latest, described as unprivileged attackers escalating privileges by overwriting the AdGuardHome binary. Connected advisories (OSV GO-2024-2924 and GHSA-7JP9-VGMQ-C8R5, Veracode 47547, CNNVD, PT-20...
AdGuardHome privilege escalation vulnerability
An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary...
CVE-2024-0259
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to ga...
RHEL 7 : rh-nodejs10-nodejs (RHSA-2020:0597)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0597 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:0602)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0602 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
PT-2022-23472 · Unknown · Strawberryperl
Name of the Vulnerable Software and Affected Versions: StrawberryPerl versions 5.32.1.1 and below. Description: The issue is related to incorrect access control in the install directory of StrawberryPerl, allowing authenticated attackers to execute arbitrary code by overwriting binaries in the...
CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...
PT-2022-18743 · 3Cx · 3Cx Phone System Management Console
Name of the Vulnerable Software and Affected Versions: 3CX Phone System Management Console versions prior to 18 Update 3 FINAL. Description: An issue was discovered in the 3CX Phone System Management Console, where an unauthenticated attacker could abuse improperly secured access to arbitrary file...
CentOS 8 : nodejs:10 (CESA-2020:0579)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0579 advisory. - nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string CVE-2019-15604 - nodejs: HTTP request smuggling using...
GHSA-V45M-2WCP-GG98 Global node_modules Binary Overwrite in bin-links
Versions of bin-links prior to 1.1.6 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent globally-installed binaries from being overwritten by other package installs. For example, if a package was installed globally and created a serve binary, any subsequent installs of packag...
Global node_modules Binary Overwrite in bin-links
Versions of bin-links prior to 1.1.6 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent globally-installed binaries from being overwritten by other package installs. For example, if a package was installed globally and created a serve binary, any subsequent installs of packag...
FreeBSD : NPM -- Multiple vulnerabilities (2a3588b4-ab12-11ea-a051-001b217b3468)
NPM reports: Global node_modules Binary Overwrite; Symlink reference outside of node_modules; Arbitrary File Write. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine and...
npm: Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
NPM -- Multiple vulnerabilities
NPM reports: Global node_modules Binary Overwrite; Symlink reference outside of node_modules; Arbitrary File Write...
GHSA-4328-8HGF-7WJR npm Vulnerable to Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent...
npm Vulnerable to Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent...
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
Global node_modules Binary Overwrite
Overview: Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any...