MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...
PT-2025-41315
Name of the Vulnerable Software and Affected Versions: MongoDB Connector for BI versions 2.0.0 through 2.14.24 Description: The installation of MongoDB Connector for BI via MSI on Windows may result in Privilege Escalation due to improperly configured Access Control Lists (ACLs) on custom installatio...
EUVD-2020-29483
Malware in sbrugna...
EUVD-2017-10485
Malware in sbrugna...
EUVD-2015-7502
Malware in sbrugna...
EUVD-2021-30817
Malicious code in bioql PyPI...
MongoDB Windows installation MSI may leave ACLs unset on custom installation directories
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 a...
CVE-2020-8635
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files...
CVE-2024-1155
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...
Privilege escalation
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...
SUSE CVE-2010-3860
IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive...
CVE-2021-43955
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability...
Delta Electronics DiaLink Code Issue Vulnerability
DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...
CVE-2019-4078
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190...
PT-2019-16887 · Ibm · Ibm Websphere Mq
Name of the Vulnerable Software and Affected Versions: IBM WebSphere MQ versions 8.0.0.0 through 8.0.0.9 IBM WebSphere MQ versions 9.0.0.0 through 9.1.1 Description: The issue allows a local non-privileged user to execute code as an administrator due to incorrect permissions set on MQ installatio...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to a privilege escalation
Summary: IBM InfoSphere Information Server could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. Vulnerability Details: CVEID: CVE-2017-1468 DESCRIPTION: IBM InfoSphere Information Server could allow a local user to gain elevated privileges by...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to a privilege escalation
Summary: IBM InfoSphere Information Server could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. Vulnerability Details: CVEID: CVE-2017-1469 DESCRIPTION: IBM InfoSphere Information Server could allow a local user to gain elevated privileges by...
Gemalto SafeNet Authentication Service for Outlook Web App Agent Elevation of Privilege Vulnerability
Gemalto SafeNet Authentication Service for Outlook Web App Agent is a SafeNet Authentication Service agent for Outlook applications from Gemalto USA. A security vulnerability exists in Gemalto SafeNet Authentication Service for Outlook Web App Agent, which stems from the program's use of weak...
Authentication flaw
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...