
2832 matches found

OpenVAS
added 2020/03/30 12:0 a.m. | 35 views

Debian: Security Advisory (DLA-2162-1)

The remote host is missing an update for the Debian...

CVSS 6.5 | AI score 6.5 | EPSS 0.09579
Exploits: 4 | References: 3
NVD
added 2020/03/19 6:15 p.m. | 21 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) with...

CVSS 8.8 | AI score 8.5 | EPSS 0.00994
Exploits: 1 | References: 1
OSV
added 2020/03/19 6:15 p.m. | 4 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) with...

CVSS 8.8 | AI score 7.3 | EPSS 0.00994
Exploits: 1 | References: 1
OSV
added 2020/03/16 6:15 p.m. | 6 views

CVE-2019-5543

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local...

CVSS 7.8 | AI score 5.5 | EPSS 0.00391
Exploits: 0 | References: 1
Tenable Nessus
added 2020/03/13 12:0 a.m. | 34 views

EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2020-1196)

According to the versions of the perl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows...

CVSS 7.8 | AI score 7.4 | EPSS 0.03045
Exploits: 0 | References: 3
OSV
added 2020/03/07 12:15 a.m. | 3 views

CVE-2020-8634

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

CVSS 7.8 | AI score 7.1 | EPSS 0.00807
Exploits: 6 | References: 1
NVD
added 2020/03/07 12:15 a.m. | 19 views

CVE-2020-8634

Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may...

CVSS 7.8 | AI score 7.7 | EPSS 0.00426
Exploits: 5 | References: 1
CNVD
added 2020/02/28 12:0 a.m. | 3 views

PHP PHAR Archive File Permissions Vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...

CVSS 5.5 | AI score 9 | EPSS 0.01599
Exploits: 1 | References: 1
Kitploit
added 2020/02/21 12:0 p.m. | 1725 views

SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo

Linux Privilege Escalation through SUDO abuse. If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :. INTRO WARNING: SUDOKILLER is part of the KILLER...

CVSS 8.8 | AI score 9.2 | EPSS 0.63917
Exploits: 21 | References: 1
OSV
added 2020/02/17 4:15 a.m. | 3 views

CVE-2020-9024

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 1
NVD
added 2020/02/17 4:15 a.m. | 11 views

CVE-2020-9024

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts...

CVSS 10 | AI score 9.6 | EPSS 0.01843
Exploits: 1 | References: 1
Cvelist
added 2020/02/17 3:3 a.m. | 11 views

CVE-2020-9024

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts...

AI score 9.6 | EPSS 0.01843
Exploits: 1 | References: 1
CVE
added 2020/02/17 3:3 a.m. | 101 views

CVE-2020-9024

The CVE concerns Iteris Vantage Velocity Field Unit, versions 2.3.1 and 2.4.2. The underlying issue is world-writable permissions on two scripts: /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot). This improper permissions setup can allow unauthorized...

CVSS 10 | AI score 9.5 | EPSS 0.01843
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2020/02/14 6:15 p.m. | 10 views

CVE-2019-11215

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...

CVSS 8.1 | AI score 7.4
Exploits: 0 | References: 2
Prion
added 2020/02/14 6:15 p.m. | 16 views

Race condition

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...

CVSS 6.8 | AI score 8.1 | EPSS 0.01167
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/02/14 5:31 p.m. | 19 views

CVE-2019-11215

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions can place the configuration file into a writable state: during installation; during...

AI score 8.2 | EPSS 0.01167
Exploits: 0 | References: 2
CVE
added 2020/02/14 5:31 p.m. | 117 views

CVE-2019-11215

CVE-2019-11215 affects Combodo iTop versions 2.2.0–2.6.0. If the configuration file is writable, an attacker can achieve arbitrary code execution by sending a crafted payload to the ajax.dataloader API. The condition for writability can arise during installation, upgrade, a web-interface write er...

CVSS 8.1 | AI score 8.1 | EPSS 0.01167
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2020/02/08 5:15 a.m. | 29 views

CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling...

CVSS 3.3 | AI score 4 | EPSS 0.0026
Exploits: 0 | References: 2
OSV
added 2020/02/08 5:15 a.m. | 2 views

CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling...

CVSS 3.3 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 2
Prion
added 2020/02/08 5:15 a.m. | 26 views

Design/Logic Flaw

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling...

CVSS 2.1 | AI score 5.2 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1