2831 matches found
CVE-2017-5397
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...
CVE-2017-5397
The CVE-2017-5397 issue affects Mozilla Firefox, specifically versions earlier than 51.0.3. The root cause is a world-writable cache directory on the local filesystem, which Firefox uses to extract libraries. This configuration allows a local attacker with write access (e.g., a malicious installe...
CVE-2017-5397
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...
CVE-2017-5397
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...
jboss: jbossas writable config files allow privilege escalation
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...
CVE-2012-5628
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries...
Design/Logic Flaw
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries...
CVE-2012-5628
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries...
Insecure path handling in Bundler
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
CVE-2018-10204
PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at %PROGRAMDATA%\purevpn\config\config.ovpn. This fi...
Arbitrary File Overwrite
JSNAPy is vulnerable to arbitrary file overwrite attacks. The default configuration and sample files are created world writable, allowing a local malicious user to edit files in the /etc/jsnapy directory...
Juniper JSNAPy Global Writable Default Profile Permissions Vulnerability
JSNAPy is Juniper developed Junos Snapshot Administrator open source python version. Juniper JSNAPy is vulnerable to a global writable default configuration file permissions vulnerability. An unprivileged local user could use this insecure file and directory permissions to change files in this...
Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...
PYSEC-2018-84
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...
Default configuration
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...
CVE-2018-0023 Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...
A Deep Dive into Database Attacks [Part IV]: Delivery and Execution of Malicious Executables through SQL Commands (MySQL)
In a previous post we covered different techniques for execution of SQL and OS commands through Microsoft SQL server that can be used for delivering and executing malicious payloads on the target system. In this post we’ll discuss the same topic for MySQL database. Creating an executable directly...
CVE-2018-5349
A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup, the process...
CVE-2018-7484
An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link...
ABRT - raceabrt Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT raceabrt Privilege Escalation', 'Description' = %q This module attempts to gain root...