Lucene search
K

67 matches found

OSV
OSV
added 2024/02/06 12:30 a.m.2 views

GHSA-9GP8-6CG8-7H34 Spring Security's spring-security.xsd file is world writable

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...

5.5CVSS6.4AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/09/18 12:0 a.m.4 views

PT-2023-24653 · Spring · Spring Security

Name of the Vulnerable Software and Affected Versions: Spring Security versions prior to 5.8.7 Spring Security versions prior to 6.0.7 Spring Security versions prior to 6.1.4 Spring Security versions prior to 6.2.0-M1 Description: The spring-security.xsd file inside the spring-security-config jar...

5.5CVSS8.9AI score0.00216EPSS
Exploits0References11
OSV
OSV
added 2021/12/06 4:15 a.m.3 views

CVE-2021-43034

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation...

7.8CVSS6.1AI score0.00438EPSS
Exploits1References3
Prion
Prion
added 2021/12/06 4:15 a.m.12 views

Privilege escalation

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation...

4.6CVSS7.8AI score0.00438EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/12/06 12:0 a.m.6 views

PT-2021-23723 · Kaseya · Kaseya Unitrends Backup Appliance

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Kaseya Unitrends Backup Appliance, where a world writable file allowed local users to execute arbitrary code as the user apache, leading to...

7.8CVSS7.8AI score0.00438EPSS
Exploits1References7
OSV
OSV
added 2020/01/27 4:15 p.m.3 views

CVE-2019-17190

A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, th...

7.8CVSS7.1AI score0.00522EPSS
Exploits1References3
NVD
NVD
added 2019/02/10 5:29 p.m.26 views

CVE-2018-20768

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...

9.8CVSS9.7AI score0.01235EPSS
Exploits0References1
OSV
OSV
added 2019/02/10 5:29 p.m.7 views

CVE-2018-20768

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...

9.8CVSS5.9AI score0.01235EPSS
Exploits0References1
Prion
Prion
added 2019/02/10 5:29 p.m.17 views

Design/Logic Flaw

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...

7.5CVSS9.6AI score0.01235EPSS
Exploits0References1Affected Software29
Cvelist
Cvelist
added 2019/02/10 5:0 p.m.29 views

CVE-2018-20768

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...

9.7AI score0.01235EPSS
Exploits0References1
OSV
OSV
added 2018/06/15 2:29 p.m.2 views

CVE-2018-1460

IBM Netezza Platform Software IBM PureData System for Analytics 1.0.0 could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211...

7.8CVSS5.9AI score0.00565EPSS
Exploits1References4
Prion
Prion
added 2018/06/15 2:29 p.m.14 views

Command injection

IBM Netezza Platform Software IBM PureData System for Analytics 1.0.0 could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211...

7.2CVSS7.4AI score0.00565EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2018/06/15 2:0 p.m.35 views

CVE-2018-1460

CVE-2018-1460 affects IBM Netezza Platform Software (IBM PureData System for Analytics) versions 7.0.4 through 7.2.1.6. A local attacker can modify a world-writable file to execute commands with root privileges, enabling local privilege escalation. IBM’s security bulletin confirms the vulnerabili...

8.4CVSS7.5AI score0.00565EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2018/06/15 2:0 p.m.15 views

CVE-2018-1460

IBM Netezza Platform Software IBM PureData System for Analytics 1.0.0 could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211...

8.4CVSS8.1AI score0.00565EPSS
Exploits1References4
seebug.org
seebug.org
added 2009/08/06 12:0 a.m.43 views

IBM AIX libC XL C++运行时库本地权限提升漏洞

IBM AIX是一款商业性质的UNIX操作系统。 AIX的XL C++运行时库的调试组件没有正确地处理LIBINITDBG和LIBINITDBGFILE环境变量,本地用户可以通过链接到XL C++运行时库的setuid root程序创建属于root的任意可写文件。 AIX 5.3中受影响的库是/usr/lpp/xlC/lib/libC.a,AIX 6.1中受影响的库是/usr/ccs/lib/libc.a和/usr/ccs/lib/libp/libc.a。 IBM AIX 6.1 IBM AIX 5.3 厂商补丁: IBM ---...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2007/10/25 7:0 p.m.22 views

CVE-2003-1502

modthrottle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges...

6.5AI score0.00283EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2004/10/29 12:0 a.m.9 views

rockdodger -- buffer overflows

The environment variable HOME is copied without regard to buffer size, which can be used to gain elevated privilege if the binary is installed setgid games, and a string is read from the high score file without bounds check. The port installs the binary without setgid, but with a world-writable...

2.9AI score
Exploits0References1
securityvulns
securityvulns
added 2004/03/20 12:0 a.m.31 views

Borland Interbase weak permissions

File /opt/interbase/admin.ib is world writable...

1.9AI score
Exploits0References1Affected Software1
NVD
NVD
added 2003/12/31 5:0 a.m.16 views

CVE-2003-1502

modthrottle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges...

4.6CVSS6.5AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2002/04/01 5:0 a.m.15 views

CVE-2001-1171

Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy...

7.2CVSS6.6AI score0.00345EPSS
Exploits0References1
Rows per page
Query Builder