Lucene search

18 matches found

RedhatCVE
added 2026/01/09 9:51 a.m. · 5 views

CVE-2020-10588

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo...

7.8 CVSS · 6.9 AI score · 0.004 EPSS
Exploits: 1 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2010-1375

Malware in sbrugna...

7.2 CVSS · 6.4 AI score · 0.00353 EPSS
Exploits: 0 · References: 8

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-3341

Malicious code in bioql PyPI...

5.1 CVSS · 6.3 AI score · 0.00598 EPSS
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-37423

Malicious code in bioql PyPI...

8.8 CVSS · 9.2 AI score · 0.00937 EPSS
Exploits: 0 · References: 5

CNNVD
added 2025/07/31 12:0 a.m. · 4 views

Array Networks vAPV and Array Networks vxAG security vulnerability

Array Networks vAPV and Array Networks vxAG are both products of Array Networks, Inc. of the U.S.A. Array Networks vAPV is a Virtual Application Delivery Controller. Array Networks vxAG is a Virtual Secure Access System. A security vulnerability exists in Array Networks vAPV version 8.3.2.17 and...

10 CVSS · 9.1 AI score · 0.00818 EPSS
Exploits: 0 · References: 4

Cvelist
added 2025/06/16 6:46 p.m. · 11 views

CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...

6 CVSS · 0.0014 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/02/05 2:46 p.m. · 4 views

CVE-2020-6230

SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application...

9.1 CVSS · 6.9 AI score · 0.01067 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2024/11/12 12:0 a.m. · 4 views

The vulnerability of Siemens Sinumerik programmable logic controllers lies in the improper assignment of permissions for the scripts executed by the system. This allows attackers to increase their privileges.

The vulnerability of Siemens Sinumerik programmable logic controllers is related to the incorrect assignment of permissions for the system’s scripts. Exploiting this vulnerability can allow attackers to enhance their privileges...

8.8 CVSS · 5.5 AI score · 0.0014 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-7813 · Siemens · Sinumerik 828D V4 +3

Name of the Vulnerable Software and Affected Versions: SINUMERIK 828D V4 All versions SINUMERIK 828D V5 All versions V5.24 SINUMERIK 840D sl V4 All versions SINUMERIK ONE All versions V6.24 Description: A vulnerability has been identified in the affected devices, which do not properly enforce...

9.3 CVSS · 7.2 AI score · 0.0014 EPSS
Exploits: 0 · References: 9

CNNVD
added 2024/03/20 12:0 a.m. · 4 views

Elspec G5 digital fault recorder security vulnerability

The Elspec G5 digital fault recorder is a digital fault recorder from Elspec, Israel, used to monitor and record fault events and waveform data in power systems. A security vulnerability exists in Elspec G5 digital fault recorder version 1.1.4.15 and earlier, which stems from weak file system...

8.8 CVSS · 7 AI score · 0.00642 EPSS
Exploits: 0 · References: 2

OSV
added 2022/05/17 8:15 p.m. · 1 views

CVE-2022-0997

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a...

7.8 CVSS · 5.9 AI score · 0.00502 EPSS
Exploits: 1 · References: 1

OSV
added 2022/04/13 6:15 p.m. · 3 views

CVE-2022-22960

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'...

7.8 CVSS · 5.5 AI score · 0.37171 EPSS
Exploits: 8 · References: 5

OSV
added 2018/12/18 8:29 p.m. · 1 views

CVE-2018-6978

vRealize Operations 7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876 contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate th...

6.7 CVSS · 5.8 AI score
Exploits: 0 · References: 2

OSV
added 2018/02/23 5:37 p.m. · 4 views

SUSE-SU-2018:0532-1 Security update for dhcp

This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS bsc1076119. These non-security issues were fixed: - Optimized if and when DNS client context and ports are initted...

7.5 CVSS · 7.6 AI score · 0.72724 EPSS
Exploits: 0 · References: 7

Cvelist
added 2017/03/02 6:0 a.m. · 27 views

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details a...

7.5 AI score · 0.02937 EPSS
Exploits: 1 · References: 7

OSV
added 2017/02/20 1:0 p.m. · 7 views

MGASA-2017-0054 Updated mariadb packages fix security vulnerability

Root Privilege Escalation CVE-2016-6664. Unspecified vulnerability affecting the Optimizer component CVE-2017-3238. Unspecified vulnerability affecting the Charsets component CVE-2017-3243. Unspecified vulnerability affecting the DML component CVE-2017-3244. Unspecified vulnerability affecting...

7 CVSS · 5.8 AI score · 0.04792 EPSS
Exploits: 10 · References: 5

NVD
added 2015/02/01 2:59 a.m. · 12 views

CVE-2015-0926

Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file...

6.8 CVSS · 6.5 AI score · 0.00353 EPSS
Exploits: 0 · References: 1

securityvulns
added 2001/10/31 12:0 a.m. · 17 views

cgi vulnerability

hi all I found a security hole in Book of guests and Post it! written by Seth Leonard. It is available at http://www.dreamcachersweb.com The problem is that this script doesn't filter out ANY metacharacters from the input and pass it to the shell. Therefore by writing something like...

7 AI score
Exploits: 0