22 matches found
CVE-2026-28267
Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user...
CVE-2018-1000148
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system...
EUVD-2002-0352
Malware in sbrugna...
EUVD-2024-1344
Malicious code in bioql PyPI...
EUVD-2022-3274
Malicious code in bioql PyPI...
EUVD-2025-8644
Malicious code in bioql PyPI...
EUVD-2022-5816
Malicious code in bioql PyPI...
CVE-2025-52900
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the...
CVE-2025-52900
Summary: CVE-2025-52900 affects the File Browser project. On servers running versions prior to 2.33.7, the application does not explicitly set permissions for uploaded/created files and its database, so file access is governed by the system umask. This can allow all OS accounts on the server to r...
Improper file access permission settings in PC Time Tracer
Overview PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below. Incorrect default permissions CWE-276 - CVE-2025-46355 Ruslan Sayfiev and Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
CVE-2025-2713
Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork...
CVE-2025-2713
Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork...
CVE-2025-2713 Improper File Permission Handling in Google gVisor runsc
Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork...
CVE-2020-28044
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent
Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update version 1809 that allowed Microsoft Store apps with extensive file system permission to access all files on users' computers without their consent. With Windows 10, Microsoft introduced a common...
Incorrect Default Permissions
npm is vulnerable to authorization bypass. During installation, the file access permissions on the local system are bypassed due to a change in ownership of the /etc/ and /usr directories, allowing a malicious file system access...
Upload the file of trap II pure alphanumeric. swf is a vulnerability?- Vulnerability warning-the black bar safety net
0x00 background In a previous uploaded file trap , the author mentioned for flash cross-domain data hijacking,sometimes does not need us to upload a file. Because we can simply use the JSONP interface,the flash content is assigned to the callback to be used. Just like in the comments@Sogili...
RHEL 4 : JBoss EAP (RHSA-2008:0831)
Updated JBoss Enterprise Application Platform JBEAP 4.3 packages that fix various security issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP02. This update has been rated as having low security impact by the Red Hat Security Response Team. JBoss Enterprise Application...
RedHat Update for libvirt RHSA-2011:0479-01
Check for the Version of libvirt OpenVAS Vulnerability Test RedHat Update for libvirt RHSA-2011:0479-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
MS Offers SharePoint Zero Day Workaround
Microsoft offered an interim work-around for a SharePoint bug that involved disabling access to the help system by running a pair of commands from the command prompt. The commands modify the access control list ACL, Windows’ list of file access permissions. Read the full article. Computerworld...