11 matches found
EUVD-2026-36170
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
Xibo 跨站脚本漏洞
Xibo is a digital signage content management tool developed by Dan Garner. Versions of Xibo prior to 4.4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored XSS attacks and an Iframe sandbox escape chain, which could allow users with DataSet permissions to use...
CVE-2026-31955
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...
CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...
Incorrect Execution-Assigned Permissions
Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...
Incorrect Execution-Assigned Permissions
Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...
RUSTSEC-2025-0149 World Writable Directory in /var/log/below Allows Local Privilege Escalation
Below is a tool for recording and displaying system data like hardware utilization and cgroup information on Linux. Symlink Attack in /var/log/below/errorroot.log Below's systemd service runs with full root privileges. It attempts to create a world-writable directory in /var/log/below. Even if th...
PT-2024-25025 · Kaminari · Kaminari
Name of the Vulnerable Software and Affected Versions: Kaminari versions prior to 0.16.2 Description: A security issue involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails. This issue is of moderate severity due to the potential for...
PT-2020-14195 · Coreos +3 · Etcd +3
Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.23 and earlier etcd versions 3.4.10 and earlier Description: The issue concerns the creation of certain directory paths with restricted access permissions by using the os.MkdirAll function, which does not perform permission...
CVE-2020-8013 permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim
A UNIX Symbolic Link Symlink Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be...
linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes
linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes. Shellcode exploit for linx86 platform / Linux/x86 /bin/cp /bin/sh /tmp/katy ; chmod 4555 /tmp/sh using fork / include char shellcode = "\xeb\x5e\x5f\x31\xc0\x88\x47\x07\x88\x47\x0f\x88\x47\x19\x89\x7f"...