350 matches found
CVE-2025-6241 CVE-2025-6241
LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malicious DLL to that directory with arbitrary...
CVE-2025-6241 CVE-2025-6241
LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malicious DLL to that directory with arbitrary...
PT-2025-30989
Name of the Vulnerable Software and Affected Versions: Lakeside SysTrack versions affected versions not specified Description: LsiAgent.exe, a component of SysTrack, attempts to load DLL files that are not part of the default installation. If a user-writable directory is included in the SYSTEM PA...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 – Privilege Escalation via Symlink Abuse in be...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591 - Privilege Escalation via Writable Symlink in...
CVE-2023-1314
A vulnerability has been discovered in cloudflared's installer = 2023.3.0 for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied...
CVE-2021-34408
The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable...
CVE-2021-40981
ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory...
CVE-2020-6024
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users...
CVE-2020-27384
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag...
CVE-2005-1856
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack...
CVE-2025-32820
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable...
CVE-2025-32820
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Apache Tomcat RCE PoC Proof of Concept PoC ex...
CVE-2025-27591
A flaw was found in the Below service. This vulnerability allows local, unprivileged users to escalate to root privileges via symlink attacks exploiting a world-writable directory at /var/log/below. Mitigation Mitigation for this issue is either not available or the currently available options do...
RUSTSEC-2025-0149 World Writable Directory in /var/log/below Allows Local Privilege Escalation
Below is a tool for recording and displaying system data like hardware utilization and cgroup information on Linux. Symlink Attack in /var/log/below/errorroot.log Below's systemd service runs with full root privileges. It attempts to create a world-writable directory in /var/log/below. Even if th...
Below has Incorrect Permission Assignment for Critical Resource
Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as...
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...
CVE-2025-27591
CVE-2025-27591 – Below privilege escalation : Prior to v0.9.0, the Below service creates a world-writable directory at /var/log/below and writes a world-writable log file, enabling local unprivileged users to perform a symlink attack (e.g., replacing error_root.log with a link to /etc/passwd). Th...
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...