1715 matches found

Packet Storm
added 2026/06/11 12:0 a.m. | 38 views

📄 FIFOFox: Windows Named-Pipe Weak Permission and Access Control Validation

This C-based framework analyzes Windows named pipes for insecure permission configurations and weak access controls that could introduce privilege boundary issues. The code collects metadata about target pipes, inspects security descriptors and DACL configurations, checks for potentially unsafe...

AI score: 5.6
Exploits: 0

Packet Storm News
added 2026/06/05 12:0 a.m. | 11 views

FIFOFox: Windows Named-Pipe Security Auditor and Fuzzer

FIFOFox is a Windows named-pipe security assessment tool for identifying weak pipe permissions, pipe-squatting exposure, and named-pipe impersonation attack paths. It combines passive auditing with authorized active testing, including fuzzing and interception-style capture, to help defenders find...

AI score: 5.4
Exploits: 0

CVE
added 2026/05/25 7:25 a.m. | 25 views

CVE-2026-9490

Affected product: Acer Care Center (ACC Svc). The vulnerability arises because the ACCSvc service creates a Named Pipe with a weak security descriptor, permitting an authenticated local user to connect and send a crafted message (type 0x03). This can trigger the service to crash with exit code 10...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.00109
Exploits: 1 | References: 1 | Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux – Vulnerability in targetcli-fb

The Open-iSCSI TargetCLI-fb version up to 2.1.52 has weak permissions for the /etc/target directory as well as for the backup directory and backup files...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00335
Exploits: 0 | References: 2

NVD
added 2026/04/23 7:16 a.m. | 2 views

CVE-2025-10549

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...

CVSS: 5.1 | EPSS: 0.00163
Exploits: 1 | References: 3

CVE
added 2026/04/23 6:57 a.m. | 12 views

CVE-2025-10549

CVE-2025-10549 : DLL hijacking in EfficientLab Controlio before v1.3.95 due to weak permissions in the installation directory. A local attacker can drop a crafted DLL and achieve arbitrary code execution with SYSTEM privileges because the service runs as NT AUTHORITY\SYSTEM. Affects EfficientLab ...

CVSS: 5.1 | AI score: 6.4 | EPSS: 0.00163
Exploits: 1 | References: 3

CNNVD
added 2026/04/23 12:0 a.m. | 10 views

EfficientLab Controlio Code Issue Vulnerability

EfficientLab Controlio is a management software developed by EfficientLab for monitoring employee behavior and analyzing work efficiency. Versions of EfficientLab Controlio prior to 1.3.95 contained code vulnerabilities. These vulnerabilities were caused by weak permissions in the installation...

CVSS: 5.1 | AI score: 6.2 | EPSS: 0.00163
Exploits: 1 | References: 2

RedhatCVE
added 2026/03/27 2:27 p.m. | 11 views

CVE-2021-27032

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissio...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00237
Exploits: 0 | References: 1

CVE
added 2026/02/13 4:14 p.m. | 32 views

CVE-2026-2026

The CVE-2026-2026 entry concerns the Nessus Agent for Windows with weak file permissions in its installation directory, allowing unauthorized access that can lead to Denial of Service. Reported CVSS metrics indicate a Local attack with Low privilege required and No user interaction, contributing ...

CVSS: 6.9 | AI score: 5.4 | EPSS: 0.00106
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Product Security Advisories
added 2026/02/12 3:40 p.m. | 7 views

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability. Arnie Cabral, Thu, 02/12/2026 - 10:40. A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attack...

AI score: 5.4
Exploits: 0

Tenable Product Security Advisories
added 2026/02/12 3:40 p.m. | 5 views

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability. Arnie Cabral, Thu, 02/12/2026 - 10:40. A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attack...

AI score: 5.5
Exploits: 0

GithubExploit
added 2026/02/08 10:42 a.m. | 155 views

LinuxPrivEscToolkit

🛡️ Linux Privilege Escalation Toolkit...

AI score: 5.7
Exploits: 0

CNNVD
added 2026/01/21 12:0 a.m. | 5 views

Rockstar Games Launcher security vulnerability

Rockstar Games Launcher is a game launcher developed by Rockstar Games, Inc. Version 1.0.37.349 of Rockstar Games Launcher has a security vulnerability. This vulnerability stems from weak permissions for the service executable file, which may lead to an elevation of privileges...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00198
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : targetcli-2.1.53-1.el8 (AXSA:2020-1067:05)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-1067:05 advisory. targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867). Tenable has extracted the preceding description block directly from the...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00335
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/19 12:0 a.m. | 2 views

MiracleLinux 8 : python-rtslib-2.1.73-2.el8 (AXEA:2021-1213:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXEA:2021-1213:01 advisory. - Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus...

CVSS: 7.8 | AI score: 8.4 | EPSS: 0.00339
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:33 p.m. | 3 views

CVE-2023-31468

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 Runtime RT7.3 RC3 20221209.5. The "%PROGRAMFILESX86%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00823
Exploits: 4 | References: 1

RedhatCVE
added 2026/01/09 10:50 a.m. | 4 views

CVE-2022-37030

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00302
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:35 a.m. | 4 views

CVE-2017-18422

In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272)...

CVSS: 3.3 | AI score: 7 | EPSS: 0.00362
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:33 a.m. | 4 views

CVE-2017-18425

In cPanel before 66.0.2, the cpdavderrorlog file can be created with weak permissions (SEC-280)...

CVSS: 2.5 | AI score: 7 | EPSS: 0.00284
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:8 a.m. | 7 views

CVE-2019-20843

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01084
Exploits: 0 | References: 1