CVE-2011-0178

The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory...

EUVD-2015-5263

Malware in sbrugna...

EUVD-2011-0204

Malware in sbrugna...

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to insufficient permission enforcement in DirectoryOperations.cs when writing temporary files downloaded from stages to the OS temporary directory. A user with access to that world-readable directory ca...

DEBIAN-CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

PT-2024-6091 · Snapd +4 · Snapd +4

Name of the Vulnerable Software and Affected Versions: snapd versions prior to 2.62 Description: The issue is related to the improper checking of symbolic link destinations when extracting a snap. This could allow an attacker to convince a user to install a malicious snap, which in turn could cau...

UBUNTU-CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

CVE-2023-28351

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain...

CVE-2023-28351

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain...

PT-2023-2974 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows every keystroke made by any user on a computer with the Student application installed to be logged to a world-readable directory. This enables a local attack...

snapd 安全漏洞

Snapd is an open source, cross-platform package management tool. A security vulnerability exists in snapd 2.54.2 and earlier versions, which stems from the software creating the snap directory in a user's home directory without specifying owner-only permissions. This may allow a local attacker to...

CVE-2021-3532

Removed by vendor...

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...

CVE-2018-13352

Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory...

pulp: Leakage of CA key in pulp-qpid-ssl-cfg

It was found that the private CA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file...

MGASA-2017-0179 Updated kodi packages fix security vulnerability

Updated Kodi package to fix world readable $HOME/.kodi directory which could potentially contain clear passwords for add-ons...

PT-2017-8340 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp version 2.8.3 Description: The issue arises during the installation process of Pulp, where the pulp.spec generates RSA key pairs in a world-readable directory before modifying the permissions. This might allow local users to read the...

mailman: Local users able to read private mailing list archives

It was found that mailman stored private email messages in a world-readable directory. A local user could use this flaw to read private mailing list archives...

SGI IRIX 6.2 cgi-bin wrap Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/373/info A vulnerability exists in the cgi-bin program 'wrap', as included with Irix 6.2 from SGI. A failure to validate input results in a vulnerability that allows any remote attacker to view the contents of any world...

DEBIAN-CVE-2012-6120

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...