Lucene search
+L

350 matches found

Vulnrichment
Vulnrichment
added 2025/07/27 12:46 a.m.4 views

CVE-2025-6241 CVE-2025-6241

LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malicious DLL to that directory with arbitrary...

6.4AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/27 12:46 a.m.15 views

CVE-2025-6241 CVE-2025-6241

LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malicious DLL to that directory with arbitrary...

0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/27 12:0 a.m.6 views

PT-2025-30989

Name of the Vulnerable Software and Affected Versions: Lakeside SysTrack versions affected versions not specified Description: LsiAgent.exe, a component of SysTrack, attempts to load DLL files that are not part of the default installation. If a user-writable directory is included in the SYSTEM PA...

4.4CVSS6AI score0.00164EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2025/07/19 10:17 p.m.124 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...

6.8CVSS8AI score0.0036EPSS
Exploits23
GithubExploit
GithubExploit
added 2025/07/15 5:48 a.m.394 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 - Privilege Escalation via Writable Symlink in...

6.8CVSS7.7AI score0.0036EPSS
Exploits23
RedhatCVE
RedhatCVE
added 2025/05/23 2:31 a.m.20 views

CVE-2023-1314

A vulnerability has been discovered in cloudflared's installer = 2023.3.0 for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied...

7.8CVSS6.9AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 p.m.9 views

CVE-2021-34408

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable...

7.8CVSS7.1AI score0.00443EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.10 views

CVE-2021-40981

ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory...

7.3CVSS6.9AI score0.00387EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:29 p.m.6 views

CVE-2020-6024

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users...

7.8CVSS6.8AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:1 p.m.6 views

CVE-2020-27384

The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag...

7.8CVSS6.9AI score0.0032EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 12:20 a.m.12 views

CVE-2005-1856

The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack...

2.1CVSS6.5AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 6:15 p.m.32 views

CVE-2025-32820

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable...

8.8CVSS0.02975EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 5:20 p.m.38 views

CVE-2025-32820

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable...

0.02975EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/04/08 2:52 p.m.236 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 Apache Tomcat RCE PoC Proof of Concept PoC ex...

9.8CVSS9.4AI score0.99945EPSS
Exploits47
RedhatCVE
RedhatCVE
added 2025/03/12 1:33 p.m.19 views

CVE-2025-27591

A flaw was found in the Below service. This vulnerability allows local, unprivileged users to escalate to root privileges via symlink attacks exploiting a world-writable directory at /var/log/below. Mitigation Mitigation for this issue is either not available or the currently available options do...

7.8CVSS7AI score0.0036EPSS
Exploits23References6
OSV
OSV
added 2025/03/12 12:0 p.m.7 views

RUSTSEC-2025-0149 World Writable Directory in /var/log/below Allows Local Privilege Escalation

Below is a tool for recording and displaying system data like hardware utilization and cgroup information on Linux. Symlink Attack in /var/log/below/errorroot.log Below's systemd service runs with full root privileges. It attempts to create a world-writable directory in /var/log/below. Even if th...

7.3CVSS7.3AI score0.0036EPSS
Exploits23References3
Github Security Blog
Github Security Blog
added 2025/03/11 9:12 p.m.16 views

Below has Incorrect Permission Assignment for Critical Resource

Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as...

6.8CVSS7.1AI score0.0036EPSS
Exploits23References9Affected Software1
NVD
NVD
added 2025/03/11 7:15 p.m.11 views

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...

6.8CVSS0.0036EPSS
Exploits23References3
CVE
CVE
added 2025/03/11 6:29 p.m.722 views

CVE-2025-27591

CVE-2025-27591 – Below privilege escalation : Prior to v0.9.0, the Below service creates a world-writable directory at /var/log/below and writes a world-writable log file, enabling local unprivileged users to perform a symlink attack (e.g., replacing error_root.log with a link to /etc/passwd). Th...

6.8CVSS7.2AI score0.0036EPSS
Exploits23References3Affected Software1
Cvelist
Cvelist
added 2025/03/11 6:29 p.m.19 views

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...

0.0036EPSS
Exploits23References2
Rows per page
Query Builder