5048 matches found

CNVD
added 2022/10/14 12:00 a.m., 21 views

Dell GeoDrive License Issues Vulnerabilities

Dell GeoDrive is a free application from Dell, Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. An authorization issue vulnerability exists in Dell GeoDrive versions prior to 2.2.3. The vulnerability stems from the inclusion of insecure file a...

CVSS 7.8 | AI score 7.8 | EPSS 0.00147
Exploits: 0 | References: 1

Prion
added 2022/10/12 8:15 p.m., 14 views

Design/Logic Flaw

Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earlie...

CVSS 4.3 | AI score 7.8 | EPSS 0.00147
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/10/12 7:25 p.m., 46 views

CVE-2022-33922

CVE-2022-33922 affects Dell GeoDrive before version 2.2. The issue is insecure file and folder permissions that allow a low-privilege, local attacker to potentially execute arbitrary code in the SYSTEM context. Affected product/version: Dell GeoDrive prior to 2.2. Impact is defined as remote? No,...

CVSS 7.8 | AI score 7.8 | EPSS 0.00147
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2022/10/12 12:00 a.m., 4 views

PT-2022-21911 · Dell · Dell Geodrive

Name of the Vulnerable Software and Affected Versions: Dell GeoDrive versions prior to 2.2 Description: The issue is related to Insecure File and Folder Permissions, which could be exploited by a low privilege attacker to execute arbitrary code in the SYSTEM security context. Recommendations: For...

CVSS 7.8 | AI score 7.8 | EPSS 0.00147
Exploits: 0 | References: 2

ATTACKERKB
added 2022/10/10 9:15 p.m., 1 view

CVE-2022-2554

The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example...

CVSS 4.9 | AI score 5.9 | EPSS 0.00781
Exploits: 2 | References: 2

OSV
added 2022/10/10 9:15 p.m., 2 views

CVE-2022-2554

The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2022/10/10 12:00 a.m., 2 views

WordPress plugin Enable Media Replace path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A path traversal vulnerability exists in WordPress plugi...

CVSS 4.9 | AI score 5.3 | EPSS 0.00781
Exploits: 2 | References: 2

CNNVD
added 2022/10/10 12:00 a.m., 2 views

WordPress plugin Download Monitor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.9 | AI score 5.3 | EPSS 0.00859
Exploits: 2 | References: 2

ATTACKERKB
added 2022/10/07 10:15 p.m., 1 view

CVE-2022-39959

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a...

CVSS 7.8 | AI score 7 | EPSS 0.00576
Exploits: 0 | References: 3

Prion
added 2022/10/07 10:15 p.m., 14 views

Path traversal

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a...

CVSS 4.3 | AI score 7.7 | EPSS 0.00576
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/09/30 7:15 p.m., 1 view

CVE-2022-40756

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00658
Exploits: 0 | References: 2

Positive Technologies
added 2022/09/30 12:00 a.m., 4 views

PT-2022-25516 · Actian · Actian Zen Psql

Name of the Vulnerable Software and Affected Versions: Actian Zen PSQL versions prior to v15.11.005 Actian Zen PSQL versions prior to v15.01.017 Actian Zen PSQL versions prior to v14.21.022 Description: The issue arises when folder security is misconfigured, allowing an attacker with file...

CVSS 8.8 | AI score 8.4 | EPSS 0.00658
Exploits: 0 | References: 5

OSV
added 2022/09/22 6:15 p.m., 2 views

UBUNTU-CVE-2022-36062

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...

CVSS 7.6 | AI score 6.6 | EPSS 0.00596
Exploits: 0 | References: 3

Vulnrichment
added 2022/09/22 12:00 a.m., 5 views

CVE-2022-36062 Grafana folders admin only permission privilege escalation

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...

CVSS 7.6 | AI score 7.6 | EPSS 0.00596
Exploits: 0 | References: 2

Cvelist
added 2022/09/22 12:00 a.m., 31 views

CVE-2022-36062 Grafana folders admin only permission privilege escalation

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...

CVSS 7.6 | AI score 7.9 | EPSS 0.00596
Exploits: 0 | References: 2

Grafana
added 2022/09/20 12:00 a.m., 4 views

Grafana folders admin only permission privilege escalation

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...

CVSS 7.6 | AI score 6.7 | EPSS 0.00596
Exploits: 0

ATTACKERKB
added 2022/09/19 6:15 p.m., 2 views

CVE-2022-40142

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker mus...

CVSS 7.8 | AI score 7.4 | EPSS 0.00331
Exploits: 0 | References: 3

OSV
added 2022/09/19 6:15 p.m., 3 views

CVE-2022-40142

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker mus...

CVSS 7.8 | AI score 6.1
Exploits: 0 | References: 2

ATTACKERKB
added 2022/09/19 6:15 p.m., 2 views

CVE-2022-38764

A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder on the product installer...

CVSS 7.8 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/09/19 6:15 p.m., 3 views

CVE-2022-38764

A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder on the product installer...

CVSS 7.8 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2