CVE-2022-30697 Local privilege escalation due to insecure folder permissions

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy Windows before build 3640...

CVE-2022-30697

CVE-2022-30697 affects Acronis Snap Deploy for Windows before build 3640. Local privilege escalation due to insecure folder permissions on the host. CVSSv3.1 base score 7.8 (LOCAL, Privileges Required: LOW). No exploitation details are provided in the documents. Mitigation: upgrade to build 3640 ...

Privilege escalation

Trend Micro Password Manager Consumer version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the...

ROS-20220516-05

A vulnerability in the Git distributed version control system is related to the fact that the uninstaller binary downloads DLLs in an unsafe manner from the current working directory. uninstaller binary loads DLLs in an insecure manner from the current working directory. Exploitation of the...

Improper Neutralization of Input During Web Page Generation in Jupyter Notebook

Cross-site scripting XSS vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

GHSA-4VWQ-X64Q-J4CJ Improper Neutralization of Input During Web Page Generation in Jupyter Notebook

Cross-site scripting XSS vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

GHSA-QGJQ-M78X-4GM8 Improper Authentication in Jenkins Blue Ocean Plugin

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

Improper Authentication in Jenkins Blue Ocean Plugin

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when...

GHSA-87VG-5PGX-PGGH spring-integration-zip Arbitrary File Write

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the admin/install.php script. An attacker can inject arbitrary JavaScript code by manipulating input fields such as $fdatabase, $fdbusername, and $fadminusername...

CVE-2022-30697

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy Windows before build 3640...

CVE-2022-23139

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could...

CVE-2022-23139

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could...

ZTE ZXMP M721 权限许可和访问控制问题漏洞

The ZTE ZXMP M721 is a metro edge OTN Optical Transport Network device from ZTE Corporation ZTE in China.The ZTE ZXMP M721 has a privilege and access control vulnerability, which stems from the fact that the folder privilege viewed by sftp is 666, which is inconsistent with the actual privilege,...

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

The vulnerability of the distributed Git version control system, related to deficiencies in access control, allows a intruder to increase their privileges or execute arbitrary commands.

The vulnerability of the distributed Git version control system relates to the possibility of creating a folder named “C:.git”. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

CVE-2022-24888

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...