PowerJob <=4.3.2 - Unauthenticated Access

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...

EUVD-2020-5844

Malware in sbrugna...

EUVD-2021-9952

Malicious code in bioql PyPI...

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : ICONICS, Mitsubishi Electric Equipment : ICONICS Product Suite, Mitsubishi Electric MC Works64 Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could...

GHSA-FRP2-5QFC-7R8M request_store has Incorrect Default Permissions

Impact The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of thi...

JVN#94347255: JP1/Extensible SNMP Agent fails to restrict access permissions

JP1/Extensible SNMP Agent provided by Hitachi fails to restrict access permissions CWE-276. Impact If an authenticated attacker who can log in to the product places a specially crafted DLL file in a specific directory, arbitrary code may be executed with the administrative privilege. Solution...

CVE-2024-37038

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests...

Siemens Polarion ALM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Mitsubishi Electric FA Engineering Software (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : FA Engineering Software Products Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to...

Default configuration

An incorrect default permission CWE-276 vulnerability in FortiClient Windows versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter Windows versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the...

CVE-2022-33877

An incorrect default permission CWE-276 vulnerability in FortiClient Windows versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter Windows versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the...

CVE-2022-33877

An incorrect default permission CWE-276 vulnerability in FortiClient Windows versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter Windows versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the...

CVE-2022-33877

CVE-2022-33877 affects FortiClient (Windows) and FortiConverter (Windows) where an incorrect default permission (CWE-276) could allow a local authenticated attacker to tamper with files in the installation folder if installed in an insecure folder. Affected: FortiClient versions 7.0.0–7.0.6 and 6...

FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder

An incorrect default permissions CWE-276 vulnerability in FortiClient Windows and FortiConverter Windows may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConvreter is installed in an insecure folder...

Fortinet FortiClient Insecure Installation Folder (FG-IR-22-229)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-229 advisory. - An incorrect default permission CWE-276 vulnerability in FortiClient Windows versions 7.0.0 through 7.0.6 and 6.4.0 throu...

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

Delta Electronics DIAEnergie (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Path Traversal, Incorrect Default Permissions, SQL Injection, Uncontrolled Search Path Element 2. UPDATE INFORMATION This updated advisory is a...

WIN-911 2021

1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Low attack complexity Vendor: WIN-911 Equipment: WIN-911 2021 Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leverage the misconfigured privileges to the...

CVE-2021-22817

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series All Versions, Vijeo Designer All Versions prior to V6.2 SP11 Multiple HotFix 4,...

Design/Logic Flaw

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series All Versions, Vijeo Designer All Versions prior to V6.2 SP11 Multiple HotFix 4,...