CVE-2019-3870
A vulnerability was found in Samba versions 4.9 and later. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is, owner (root) only access. However, in some upgraded installations it will have othe...
PT-2019-4610 · Samba +1 · Samba +1
Name of the Vulnerable Software and Affected Versions: Samba versions 4.9 through 4.9.5; Samba versions 4.10.0 through 4.10.1. Description: A vulnerability was found in Samba related to the creation of a new Samba AD DC. During this process, files are created in a private subdirectory of the instal...
World writable files in Samba AD DC private/ dir
Description: During the creation of a new Samba AD DC, files are created in the private/ subdirectory of our install location. This directory is typically mode 0700, that is, owner (root) only access. However, in some upgraded installations it will have other permissions, such as 0755, because this...
Belkin Wemo UPnP Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...
EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1022)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - ghostscript: Incorrect 'restoration of privilege' checking when running out of stack during exception handling (CVE-2018-16802) - ghostscript...
CVE-2018-20768
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
Design/Logic Flaw
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
The vulnerability in the software for automatically processing group configurations and assigning processes to groups of libcgroups relates to errors in the access control mechanism, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of the software for automatically processing group configurations and assigning processes to groups related to libcgroup lies in the creation of the "/var/log/cgred" file with access rights of 0666, regardless of the umask setting. Exploiting this vulnerability can allow an...
World Writable Permissions
augeas is vulnerable to world writable permissions. The vulnerability exists as the transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files...
Insecure File Permissions
BusyBox uses insecure file permissions. The mdev utility creates certain directories within /dev with world-writable permissions (0777), which would allow a local unprivileged user to perform read, write and execute actions within the /dev directory tree...
Arbitrary File Overwrite
sanlock is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as the setuplogging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via...
Linux: Sticky bit on all world-writable directories
Setting the sticky bit on world writable directories prevents users from deleting or renaming files in that directory that are not owned by them. This feature prevents the ability to delete or rename files in world writable directories such as /tmp that are owned by another user...
EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1004)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - ghostscript: Incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541) - ghostscript: Incorrect 'restoration of privilege'...
SolarWinds SFTP XXE Vulnerability
SolarWinds SFTP is an FTP service program. SolarWinds SFTP is vulnerable to XXE. Allows an attacker to filter a global readable and writable profile of data to XXE...
Design/Logic Flaw
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the serve...
mysql: pid file can be created in a world-writeable directory (CPU Apr 2018)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...
rust: rustdoc loads plugins from world writable directory allowing for arbitrary code execution
The Rust Programming Language rustdoc versions between 0.8 and 1.27.0 contain a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...
DEBIAN-CVE-2018-19045
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information...