67 matches found
GHSA-9GP8-6CG8-7H34 Spring Security's spring-security.xsd file is world writable
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...
PT-2023-24653 · Spring · Spring Security
Name of the Vulnerable Software and Affected Versions: Spring Security versions prior to 5.8.7 Spring Security versions prior to 6.0.7 Spring Security versions prior to 6.1.4 Spring Security versions prior to 6.2.0-M1 Description: The spring-security.xsd file inside the spring-security-config jar...
CVE-2021-43034
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation...
Privilege escalation
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation...
PT-2021-23723 · Kaseya · Kaseya Unitrends Backup Appliance
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Kaseya Unitrends Backup Appliance, where a world writable file allowed local users to execute arbitrary code as the user apache, leading to...
CVE-2019-17190
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, th...
CVE-2018-20768
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
CVE-2018-20768
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
Design/Logic Flaw
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
CVE-2018-20768
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
CVE-2018-1460
IBM Netezza Platform Software IBM PureData System for Analytics 1.0.0 could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211...
Command injection
IBM Netezza Platform Software IBM PureData System for Analytics 1.0.0 could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211...
CVE-2018-1460
CVE-2018-1460 affects IBM Netezza Platform Software (IBM PureData System for Analytics) versions 7.0.4 through 7.2.1.6. A local attacker can modify a world-writable file to execute commands with root privileges, enabling local privilege escalation. IBM’s security bulletin confirms the vulnerabili...
CVE-2018-1460
IBM Netezza Platform Software IBM PureData System for Analytics 1.0.0 could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211...
IBM AIX libC XL C++运行时库本地权限提升漏洞
IBM AIX是一款商业性质的UNIX操作系统。 AIX的XL C++运行时库的调试组件没有正确地处理LIBINITDBG和LIBINITDBGFILE环境变量,本地用户可以通过链接到XL C++运行时库的setuid root程序创建属于root的任意可写文件。 AIX 5.3中受影响的库是/usr/lpp/xlC/lib/libC.a,AIX 6.1中受影响的库是/usr/ccs/lib/libc.a和/usr/ccs/lib/libp/libc.a。 IBM AIX 6.1 IBM AIX 5.3 厂商补丁: IBM ---...
CVE-2003-1502
modthrottle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges...
rockdodger -- buffer overflows
The environment variable HOME is copied without regard to buffer size, which can be used to gain elevated privilege if the binary is installed setgid games, and a string is read from the high score file without bounds check. The port installs the binary without setgid, but with a world-writable...
Borland Interbase weak permissions
File /opt/interbase/admin.ib is world writable...
CVE-2003-1502
modthrottle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges...
CVE-2001-1171
Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy...