2839 matches found

OSV
added 2024/04/29 5:15 p.m. · 3 views

DEBIAN-CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

CVSS 9.8 · AI score 5.6 · EPSS 0.00719
Exploits 0 · References 1
OSV
added 2024/04/29 5:15 p.m. · 1 view

UBUNTU-CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

CVSS 9.8 · AI score 6 · EPSS 0.00719
Exploits 0 · References 3
Positive Technologies
added 2024/04/29 12:00 a.m. · 5 views

PT-2024-24613 · Znuny +1 · Znuny +1

Name of the Vulnerable Software and Affected Versions: Znuny versions 6.0.31 through 6.5.7; Znuny versions 7.0.1 through 7.0.16. Description: An issue allows a logged-in user to upload a file to an arbitrary writable location by traversing paths via a manipulated AJAX request. If this location is...

CVSS 9.8 · AI score 7.8 · EPSS 0.00719
Exploits 0 · References 14
OSV
added 2024/04/27 11:15 p.m. · 4 views

CVE-2022-48685

An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file cleansecbioldlogs is writable by all users and is executed as root, leading to privilege escalation...

CVSS 6.7 · AI score 5.8 · EPSS 0.00166
Exploits 0 · References 1
ATTACKERKB
added 2024/04/27 11:15 p.m. · 4 views

CVE-2022-48685

An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file cleansecbioldlogs is writable by all users and is executed as root, leading to privilege escalation...

CVSS 7.7 · AI score 5.2 · EPSS 0.00166
Exploits 0 · References 2
Cvelist
added 2024/04/27 12:00 a.m. · 20 views

CVE-2022-48685

An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file cleansecbioldlogs is writable by all users and is executed as root, leading to privilege escalation...

CVSS 7.7 · AI score 7.8 · EPSS 0.00166
Exploits 0 · References 1
Veracode
added 2024/04/03 9:48 a.m. · 40 views

Information Disclosure

apacheairflow is vulnerable to an Information Disclosure. The vulnerability is due to an insecure umask configuration in numerous Airflow components when running with the --daemon flag, resulting in a race condition that results in setting files within the airflow home directory world writable...

CVSS 4.7 · AI score 6.5 · EPSS 0.00593
Exploits 0 · References 9 · Affected Software 1
CNNVD
added 2024/04/03 12:00 a.m. · 3 views

Axigen Security Vulnerability

Axigen is a mail server with groupware and collaboration features from Axigen, Inc. A security vulnerability exists in Axigen version 10.5.18 and earlier that originates from a vulnerability that allows a local, low-privilege attacker to execute arbitrary code and elevate privileges by loading an...

CVSS 6.7 · AI score 7.6 · EPSS 0.00342
Exploits 0 · References 2
Positive Technologies
added 2024/04/03 12:00 a.m. · 8 views

PT-2024-22489 · Axigen · Axigen Mail Server

Name of the Vulnerable Software and Affected Versions: Axigen Mail Server for Windows versions 10.5.18 and before. Description: An issue was discovered in Axigen Mail Server for Windows, allowing local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL...

CVSS 6.7 · AI score 8.3 · EPSS 0.00342
Exploits 0 · References 5
OSV
added 2024/03/20 5:15 a.m. · 3 views

CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...

CVSS 8.8 · AI score 5.8 · EPSS 0.00642
Exploits 0 · References 1
NVD
added 2024/03/20 5:15 a.m. · 17 views

CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...

CVSS 8.8 · AI score 7 · EPSS 0.00642
Exploits 0 · References 1
Vulnrichment
added 2024/03/20 12:00 a.m. · 8 views

CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...

AI score 7.3 · EPSS 0.00642
Exploits 0 · References 1
Cvelist
added 2024/03/20 12:00 a.m. · 14 views

CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to...

AI score 7.2 · EPSS 0.00642
Exploits 0 · References 1
Positive Technologies
added 2024/03/19 12:00 a.m. · 7 views

PT-2024-19188 · Elspec · Elspec G5 Digital Fault Recorder

Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before. Description: An issue in the Elspec G5 digital fault recorder allows privilege escalation via world writable files. The network configuration script has weak filesystem permissions...

CVSS 8.8 · AI score 7.7 · EPSS 0.00642
Exploits 0 · References 3
OSV
added 2024/03/18 10:15 a.m. · 2 views

CVE-2024-1605

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for...

CVSS 7.8 · AI score 5.8 · EPSS 0.00491
Exploits 0 · References 3
Positive Technologies
added 2024/03/18 12:00 a.m. · 5 views

PT-2024-18166 · Bmc · Bmc Control-M

Name of the Vulnerable Software and Affected Versions: BMC Control-M versions 9.0.20 through 9.0.21. Description: The issue arises when BMC Control-M loads all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users upon user login. This can be leveraged to...

CVSS 7.8 · AI score 6.8 · EPSS 0.00491
Exploits 0 · References 5
CNNVD
added 2024/03/18 12:00 a.m. · 5 views

BMC Control-M Security Vulnerability

BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.20 and 9.0.21, which stems from a vulnerability that allows dynamic link libraries (DLLs) to be loaded...

CVSS 7.8 · AI score 6.8 · EPSS 0.00491
Exploits 0 · References 4
OSV
added 2024/03/06 10:56 a.m. · 16 views

BIT-MINICONDA-2022-26526

Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse fil...

CVSS 7.8 · AI score 7.7 · EPSS 0.00338
Exploits 1 · References 4
RedhatCVE
added 2024/02/27 9:03 p.m. · 17 views

CVE-2021-46912

A flaw was found in the network sub-component in the Linux Kernel. The tcp_allowed_congestion_control is global and writable, and writing to it in any net namespace will leak into all other net namespaces...

CVSS 5.5 · AI score 6.8 · EPSS 0.00232
Exploits 0 · References 6
OSV
added 2024/02/06 12:30 a.m. · 2 views

GHSA-9GP8-6CG8-7H34 Spring Security's spring-security.xsd file is world writable

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical...

CVSS 5.5 · AI score 6.4 · EPSS 0.00216
Exploits 0 · References 5