29 matches found

Positive Technologies
added 2026/04/23 12:0 a.m. · 1 views

PT-2026-34644

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...

6.4 AI score · 0.00006 EPSS
Exploits: 1 · References: 3

CNNVD
added 2026/04/20 12:0 a.m. · 3 views

SKYSEA Client View Security Vulnerability

SKYSEA Client View is a software developed by SKYSEA Corporation in Japan. It supports information leakage countermeasures and IT operations management. There is a security vulnerability in SKYSEA Client View, which stems from improper permission settings in the installation folder. This...

8.5 CVSS · 7.3 AI score · 0.00017 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2026/04/10 6:14 p.m. · 2 views

CVE-2026-33698 Chamilo LMS affected by unauthenticated RCE in main/install folder

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

9.3 CVSS · 5.8 AI score · 0.00122 EPSS
Exploits: 0 · References: 2

Cvelist
added 2026/04/10 6:14 p.m. · 14 views

CVE-2026-33698 Chamilo LMS affected by unauthenticated RCE in main/install folder

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

9.3 CVSS · 0.00122 EPSS
Exploits: 0 · References: 2

EUVD
added 2026/03/26 9:30 a.m. · 2 views

EUVD-2026-16126

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

8.5 CVSS · 7.4 AI score · 0.00007 EPSS
Exploits: 0 · References: 3

NVD
added 2026/03/26 7:16 a.m. · 2 views

CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

8.5 CVSS · 0.00007 EPSS
Exploits: 0 · References: 2

Cvelist
added 2026/03/26 6:55 a.m. · 28 views

CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

8.5 CVSS · 0.00007 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2026/03/26 6:55 a.m. · 2 views

CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

8.5 CVSS · 7.4 AI score · 0.00007 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/12/10 4:9 p.m. · 23 views

CVE-2025-34419 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISM.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

8.5 CVSS · 0.00007 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/12/10 12:0 a.m. · 4 views

PT-2025-50342

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 have an unsafe DLL loading issue that could allow a local attacker to execute arbitrary code. The MailEnable administrative executable loads MEAIMF.DLL from the...

8.5 CVSS · 6.9 AI score · 0.00007 EPSS
Exploits: 0 · References: 6

OSV
added 2025/02/03 9:35 p.m. · 1 views

CVE-2024-35177 Improper Access Control in wazuh-agent

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability...

7.8 CVSS · 7 AI score · 0.00049 EPSS
Exploits: 1 · References: 3

CNNVD
added 2023/11/27 12:0 a.m. · 2 views

Plesk Installer Code Issue Vulnerability

Plesk Installer is an installer program from the Swiss company Plesk. A code issue vulnerability exists in Plesk Installer version 3.27.0.0, which originates from a code issue that allows a local attacker to execute arbitrary code by injecting a DLL file into the same folder where the application...

7.8 CVSS · 7.4 AI score · 0.00043 EPSS
Exploits: 0 · References: 1

OSV
added 2023/11/23 7:15 a.m. · 1 views

CVE-2023-43086

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation...

7.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2023/06/01 12:0 a.m. · 2 views

PT-2023-21693 · Unknown · Conprosys Hmi System

Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions prior to 3.5.3 Description: The issue is related to incorrect permission assignment for a critical resource in the CONPROSYS HMI System CHS. The Access Control List ACL is not set correctly for the local fold...

7.8 CVSS · 7.1 AI score · 0.00052 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2021/02/19 12:0 a.m. · 1 views

PT-2021-9627 · Spytech · Sytech Xl Reporter

Name of the Vulnerable Software and Affected Versions: Sytech XL Reporter version 14.0.1 Description: An exploitable local privilege elevation issue exists in the file system permissions of the install directory. Depending on the chosen vector, an attacker can overwrite service executables and...

8.8 CVSS · 8.4 AI score · 0.00039 EPSS
Exploits: 1 · References: 4

OSV
added 2021/02/17 7:15 p.m. · 2 views

CVE-2020-13553

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...

8.8 CVSS · 5.9 AI score
Exploits: 0 · References: 1

OSV
added 2021/02/09 6:15 p.m. · 1 views

CVE-2020-28392

A vulnerability has been identified in SIMARIS configuration All versions V4.0.1. During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges shoul...

7.8 CVSS · 7 AI score
Exploits: 0 · References: 1

OSV
added 2020/06/11 5:15 p.m. · 0 views

CVE-2020-11613

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can...

7.8 CVSS · 7.1 AI score · 0.00058 EPSS
Exploits: 1 · References: 2

CNVD
added 2015/11/26 12:0 a.m. · 1 views

Valve Steam Privilege Acquisition Vulnerability

Valve Steam is a Linux-based operating system for living room gaming from the American company Valve. A security vulnerability exists in Valve Steam version 2.10.91.91, which originates when the program assigns weak permissions user: read/write to the Install folder. This vulnerability can be...

7.2 CVSS · 6.8 AI score · 0.00126 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2015/11/24 8:59 p.m. · 1 views

CVE-2015-7985

Valve Steam 2.10.91.91 uses weak permissions Users: read and write for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file...

7.2 CVSS · 5.5 AI score · 0.00126 EPSS
Exploits: 0 · References: 3