10 matches found

NVD
added 2026/03/05 3:15 a.m. · 8 views

CVE-2026-29127

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...

CVSS 9.2 · EPSS 0.00169
Exploits: 1 · References: 1
Cvelist
added 2026/03/05 2:36 a.m. · 29 views

CVE-2026-29127 Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...

CVSS 9.2 · EPSS 0.00169
Exploits: 1 · References: 1
RedhatCVE
added 2026/01/29 3:18 p.m. · 9 views

CVE-2025-59901

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...

CVSS 8.5 · AI score 5.9 · EPSS 0.0019
Exploits: 0 · References: 1
NVD
added 2026/01/28 12:15 p.m. · 5 views

CVE-2025-59901

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...

CVSS 8.5 · EPSS 0.0019
Exploits: 0 · References: 1
Vulnrichment
added 2026/01/28 12:1 p.m. · 4 views

CVE-2025-59901 authenticated reflected XSS vulnerability in Sync Breeze Enterprise Server

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...

CVSS 8.5 · AI score 5.9 · EPSS 0.0019
Exploits: 0 · References: 1
EUVD
added 2026/01/28 12:1 p.m. · 5 views

EUVD-2025-206502

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...

CVSS 8.5 · AI score 5.9 · EPSS 0.0019
Exploits: 0 · References: 1
Cvelist
added 2026/01/28 12:1 p.m. · 26 views

CVE-2025-59901 authenticated reflected XSS vulnerability in Sync Breeze Enterprise Server

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitordirectory?sid=' endpoint, caused by insufficient validation of the 'monitordirectory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated user...

CVSS 8.5 · EPSS 0.0019
Exploits: 0 · References: 1
CVE
added 2026/01/28 12:1 p.m. · 12 views

CVE-2025-59901

CVE-2025-59901 describes an authenticated reflected XSS in Disk Pulse Enterprise v10.4.18. The vulnerability is located in the /monitor_directory?sid= endpoint and arises from insufficient validation of the monitor_directory parameter sent via POST. An attacker could craft input that, when viewed...

CVSS 8.5 · AI score 5.9 · EPSS 0.0019
Exploits: 0 · References: 1
Positive Technologies
added 2026/01/28 12:0 a.m. · 4 views

PT-2026-5109

Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor directory?sid=' endpoint, caused by insufficient validation of the 'monitor directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an authenticated use...

CVSS 8.5 · AI score 5.9 · EPSS 0.0019
Exploits: 0 · References: 2
Positive Technologies
added 2022/08/30 12:0 a.m. · 4 views

PT-2022-23471 · Unknown · Rubyinstaller2

Name of the Vulnerable Software and Affected Versions: Rubyinstaller2 versions 3.1.2 and below
Description: The issue is related to incorrect access control in the install directory of Rubyinstaller2, specifically the C:RailsInstaller directory. This allows authenticated attackers to execute...

CVSS 8.8 · AI score 8.6 · EPSS 0.00785
Exploits: 0 · References: 4