Lucene search
K

11 matches found

EUVD
EUVD
added 2026/06/10 9:39 p.m.29 views

EUVD-2026-36170

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...

7.6CVSS5.3AI score0.0011EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Xibo 跨站脚本漏洞

Xibo is a digital signage content management tool developed by Dan Garner. Versions of Xibo prior to 4.4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored XSS attacks and an Iframe sandbox escape chain, which could allow users with DataSet permissions to use...

7.6CVSS4.9AI score0.0011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.5 views

CVE-2026-31955

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS5.6AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 12:14 a.m.3 views

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS5.6AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/06 3:12 p.m.3 views

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

8.5CVSS6.5AI score0.00159EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/06 3:12 p.m.3 views

Incorrect Execution-Assigned Permissions

Overview Affected versions of this package are vulnerable to Incorrect Execution-Assigned Permissions when initialising host directories with 711 and 755 permissions instead of 700. An attacker can gain unauthorized access to sensitive data and potentially escalate privileges by accessing...

8.5CVSS6.9AI score0.00159EPSS
Exploits1References2
OSV
OSV
added 2025/03/12 12:0 p.m.6 views

RUSTSEC-2025-0149 World Writable Directory in /var/log/below Allows Local Privilege Escalation

Below is a tool for recording and displaying system data like hardware utilization and cgroup information on Linux. Symlink Attack in /var/log/below/errorroot.log Below's systemd service runs with full root privileges. It attempts to create a world-writable directory in /var/log/below. Even if th...

7.3CVSS7.3AI score0.0036EPSS
Exploits22References3
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.8 views

PT-2024-25025 · Kaminari · Kaminari

Name of the Vulnerable Software and Affected Versions: Kaminari versions prior to 0.16.2 Description: A security issue involving insecure file permissions has been identified in the Kaminari pagination library for Ruby on Rails. This issue is of moderate severity due to the potential for...

6.6CVSS7AI score0.00595EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2020/08/05 12:0 a.m.4 views

PT-2020-14195 · Coreos +3 · Etcd +3

Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.23 and earlier etcd versions 3.4.10 and earlier Description: The issue concerns the creation of certain directory paths with restricted access permissions by using the os.MkdirAll function, which does not perform permission...

7.7CVSS7.1AI score0.01636EPSS
Exploits0References32
Cvelist
Cvelist
added 2020/03/02 4:35 p.m.28 views

CVE-2020-8013 permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim

A UNIX Symbolic Link Symlink Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be...

2.2CVSS4AI score0.00317EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2004/09/26 12:0 a.m.35 views

linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes

linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes. Shellcode exploit for linx86 platform / Linux/x86 /bin/cp /bin/sh /tmp/katy ; chmod 4555 /tmp/sh using fork / include char shellcode = "\xeb\x5e\x5f\x31\xc0\x88\x47\x07\x88\x47\x0f\x88\x47\x19\x89\x7f"...

Exploits0
Rows per page
Query Builder