CVE-2025-69634
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...
Dolibarr ERP & CRM security vulnerability
Dolibarr ERP & CRM is an enterprise management software developed under the open-source license of Dolibarr. Version 22.0.9 of Dolibarr ERP & CRM contains a security vulnerability. This vulnerability stems from the notes field in the perms.php file, where cross-site request forgery attacks may...
CVE-2025-69634
Dolibarr ERP & CRM 22.0.9 is affected by a Cross Site Request Forgery vulnerability that could allow a remote attacker to escalate privileges via the notes field in perms.php. The issue is described across multiple sources (NVD/NVD-derived entries, Red Hat, UBUNTU, OSV, vulnerability enrichments)...
EUVD-2004-2602
Malware in sbrugna...
CVE-2023-7300
Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed. Vulnerability ID: HWPSIRT-2023-60613...
CVE-2022-45193
CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation...
CVE-2024-54910
Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function...
CVE-2023-29657
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions...
SUSE-SU-2021:0722-1 Security update for crmsh
This update for crmsh fixes the following issues: - Update to version 4.1.0+git.1614156984.f4f5e146: Fix: hbreport: walk through hbreport process under hacluster (CVE-2020-35459, bsc1179999; CVE-2021-3020, bsc1180571) Fix: bootstrap: setup authorized ssh access for hacluster (CVE-2020-35459, bsc117999...
CVE-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...
CVE-2012-5638
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations...
Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities
Newsgrab 0.5.0pre4 - Multiple Local/Remote Vulnerabilities source: https://www.securityfocus.com/bid/12428/info Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported: Newsgrab is reported prone to a directory traversal vulnerability. This vulnerabilit...