CVE-2026-32680
The issue concerns RATOC RAID Monitoring Manager for Windows. If users customize the installer’s target folder, that folder may retain insecure ACLs, allowing non-administrative users to alter its contents. This can enable a non-administrative user to execute arbitrary code with SYSTEM privileges...
EUVD-2017-0651
Malware in sbrugna...
SUSE CVE-2024-35177
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability...
CVE-2024-55930
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files...
CVE-2024-55930 Weak default folder permissions
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files...
PRIMX ORIZON Security Vulnerability
PRIMX ORIZON is a multi-platform software from PRIMX Corporation that encrypts files and folders stored at a cloud service provider. A security vulnerability exists in PRIMX ORIZON version 2024.3 and earlier, which stems from the fact that by default dedicated folders can be accessed by other use...
CVE-2024-28241 GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner...
PT-2024-22356 · Unknown +1 · Glpi Agent +1
Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.7.2 Description: A local user can modify the GLPI-Agent code or used DLLs to modify agent logic and potentially gain higher privileges. Recommendations: For versions prior to 1.7.2, upgrade to GLPI-Agent 1.7.2 t...
CVE-2024-1569
parisneo/lollms-webui is vulnerable to denial of service through uncontrolled resource consumption. An attacker can trigger repeated unauthenticated POST requests at /open_code_in_vs_code and similar endpoints to repeatedly open VS Code or the default folder opener, exhausting system resources an...
LoLLMs Resource Management Error Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A resource management error vulnerability exists in LoLLMs that originates from allowing an attacker to open Visual Studio Code or the default folder opener multiple times by sending repeated...
National Instruments LabVIEW Security Vulnerability
National Instruments LabVIEW (NI LabVIEW) is a graphical program compilation platform from National Instruments. A security vulnerability exists in National Instruments LabVIEW that stems from incorrect default permissions in a folder. An attacker could exploit the vulnerability to elevate privileg...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
CVE-2019-16444
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binary planting default folder privilege escalation vulnerability. Successful exploitation could lead t...
Kaseya VSA Agent 9.5 Privilege Escalation
Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian. A fix was put in place for the original CVE, however it was specific to binaries and not scripts. The root cause for both issues is allowing a low privileged group excessive permissions to a folder used by an elevated process...
CVE-2017-0295
Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability"...
CVE-2017-0295
CVE-2017-0295 affects Windows 10 (1703/1607) and Windows Server 2016. An authenticated user could modify the C:\Users\DEFAULT folder structure due to incorrect permissions on the DEFAULT folder contents (Windows Default Folder Tampering). Microsoft released security updates KB4022715 and related ...
Windows Default Folder Tampering Vulnerability
A tampering vulnerability exists in Microsoft Windows that could allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure. An attacker who successfully exploited this vulnerability could potentially modify files and folders that are synchronized the first time when a user...
Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious...
Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions
Secunia Research 18/10/2006 - IBM Lotus Notes Insecure Default Folder Permissions - Table of Contents Affected...