DEBIAN-CVE-2024-32491
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...
UBUNTU-CVE-2024-32491
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...
PT-2024-24613 · Znuny +1 · Znuny +1
Name of the Vulnerable Software and Affected Versions: Znuny versions 6.0.31 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue allows a logged-in user to upload a file to an arbitrary writable location by traversing paths via a manipulated AJAX request. If this location is...
CVE-2022-48685
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file cleansecbioldlogs is writable by all users and is executed as root, leading to privilege escalation...
Information Disclosure
apacheairflow is vulnerable to an Information Disclosure. The vulnerability is due to an insecure umask configuration in numerous Airflow components when running with the --daemon flag, resulting in a race condition that results in setting files within the airflow home directory world writable...
Axigen Security Vulnerability
Axigen is a mail server with groupware and collaboration features from Axigen, Inc. A security vulnerability exists in Axigen version 10.5.18 and earlier that originates from a vulnerability that allows a local, low-privilege attacker to execute arbitrary code and elevate privileges by loading an...
PT-2024-22489 · Axigen · Axigen Mail Server
Name of the Vulnerable Software and Affected Versions: Axigen Mail Server for Windows versions 10.5.18 and before Description: An issue was discovered in Axigen Mail Server for Windows, allowing local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL...
CVE-2024-22078
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...
PT-2024-19188 · Elspec · Elspec G5 Digital Fault Recorder
Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before Description: An issue in the Elspec G5 digital fault recorder allows privilege escalation via world writable files. The network configuration script has weak filesystem permissions...
CVE-2024-1605
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for...
PT-2024-18166 · Bmc · Bmc Control-M
Name of the Vulnerable Software and Affected Versions: BMC Control-M versions 9.0.20 through 9.0.21 Description: The issue arises when BMC Control-M loads all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users upon user login. This can be leveraged to...
BMC Control-M Security Vulnerability
BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.20 and 9.0.21, which stems from a vulnerability that allows dynamic link libraries (DLLs) to be loaded...
BIT-MINICONDA-2022-26526
Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse fil...
CVE-2021-46912
A flaw was found in the network sub-component in the Linux Kernel. The tcp_allowed_congestion_control sysctl is global and writable, and writing to it in any net namespace will leak into all other net namespaces...
GHSA-9GP8-6CG8-7H34 Spring Security's spring-security.xsd file is world writable
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...