37 matches found
EUVD-2018-4153
Malware in sbrugna...
Tenable Network Security Nessus Security Vulnerability
Tenable Network Security Nessus is a network vulnerability scanning tool developed by Tenable Network Security to detect security vulnerabilities and configuration errors in operating systems, network devices, and applications. Tenable Network Security Nessus suffers from an elevation of privileg...
CVE-2025-2781 WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client...
SUSE CVE-2025-24786
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
Wazuh Access Control Error Vulnerability
Wazuh is an open source application from Wazuh, used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. An access control error vulnerability exists in Wazuh versions prior to 4.9.1, which stems from an incorrect ACL f...
PT-2024-24963 · Tenable · Nessus Agent
Name of the Vulnerable Software and Affected Versions: Nessus Agent versions prior to 10.6.4 Description: The issue concerns the installation of Nessus Agent to a non-default directory on a Windows host, where secure permissions for sub-directories were not enforced in versions prior to 10.6.4...
CVE-2023-32479
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by...
CVE-2023-33240
Foxit PDF Reader 12.1.1.15289 and earlier and Foxit PDF Editor 12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users...
PT-2023-24236
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions 12.1.1.15289 and earlier; Foxit PDF Editor versions 12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier. Description: The issue allows Local Privilege...
SUSE CVE-2017-5414
The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox 52 and Thunderbird 52...
Adobe ColdFusion Security Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. An elevation of privilege vulnerability exists in the Adobe ColdFusion installer, which can be exploite...
CVE-2020-26130
Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary...
Ghisler Total Commander Elevation of Privilege Vulnerability
Ghisler Total Commander is a file manager software from the American company Ghisler. The program offers file compression, management, ftp sharing and more. An elevation of privilege vulnerability exists in Ghisler Total Commander version 9.51, which stems from insufficient access restrictions in...
CVE-2020-17381
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary...
CVE-2020-25734
webTareas through 2.1 allows files/Default/ Directory Listing...
EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-1862)
According to the version of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS...
CVE-2019-13404
The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. This also affects old 3.x releases before 3.5. NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27...
Intel OpenVINO Toolkit for Windows Permissions, Privileges, and Access Control Vulnerability
Intel OpenVINO Toolkit for Windows is a Windows-based toolkit from Intel for developing multi-platform computer vision solutions. Intel OpenVINO Toolkit for Windows is affected by a permissions, privileges, and access control issue. An attacker could exploit this vulnerability to execute code using...