Total: 81 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46141 | 1 Phoenixcontact | 31 Automationworx Software Suite, Axc 1050, Axc 1050 Firmware and 28 more | 2023-12-21 | N/A | 9.8 CRITICAL |
| Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access to the affected device. | |||||
| CVE-2023-0757 | 1 Phoenixcontact | 2 Multiprog, Proconos Eclr | 2023-12-21 | N/A | 9.8 CRITICAL |
| Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device. | |||||
| CVE-2023-6593 | 2 Apple, Devolutions | 2 Iphone Os, Remote Desktop Manager | 2023-12-15 | N/A | 9.8 CRITICAL |
| Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction. | |||||
| CVE-2023-40302 | 1 Netscout | 1 Ngeniuspulse | 2023-12-12 | N/A | 9.1 CRITICAL |
| NETSCOUT nGeniusPULSE 3.8 has a weak file permissions vulnerability. | |||||
| CVE-2023-49946 | 1 Forgejo | 1 Forgejo | 2023-12-07 | N/A | 9.1 CRITICAL |
| In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions. | |||||
| CVE-2023-39004 | 1 Opnsense | 1 Opnsense | 2023-08-15 | N/A | 9.8 CRITICAL |
| Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | |||||
| CVE-2022-25010 | 1 Stepmania | 1 Stepmania | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. | |||||
| CVE-2022-33175 | 1 Powertekpdus | 14 Basic Pdu, Basic Pdu Firmware, Piml Pdu and 11 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device. | |||||
| CVE-2020-28910 | 1 Nagios | 1 Nagios Xi | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | |||||
| CVE-2021-29396 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication. | |||||
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2022-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. | |||||
| CVE-2020-8768 | 1 Phoenixcontact | 4 Ilc 2050 Bi, Ilc 2050 Bi-l, Ilc 2050 Bi-l Firmware and 1 more | 2022-01-01 | 7.5 HIGH | 9.4 CRITICAL |
| An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device. | |||||
| CVE-2021-42115 | 1 Businessdnasolutions | 1 Topease | 2021-11-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie UID. | |||||
| CVE-2021-41589 | 1 Gradle | 2 Build Cache Node, Enterprise | 2021-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymous write access to the build cache. If access control to the build cache is not changed from the default open configuration, a malicious actor with network access can populate the cache with manipulated entries that may execute malicious code as part of a build process. This applies to the build cache provided with Gradle Enterprise and the separate build cache node service if used. If access control to the user interface is not changed from the default open configuration, a malicious actor can undo build cache access control in order to populate the cache with manipulated entries that may execute malicious code as part of a build process. This does not apply to the build cache provided with Gradle Enterprise, but does apply to the separate build cache node service if used. | |||||
| CVE-2020-9671 | 2 Adobe, Microsoft | 2 Creative Cloud Desktop Application, Windows | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2016-5202 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2021-09-08 | 7.5 HIGH | 9.1 CRITICAL |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | |||||
| CVE-2020-16259 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user. | |||||
| CVE-2019-7247 | 1 Amd | 1 Overdrive | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
| CVE-2020-35339 | 1 74cms | 1 74cms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | |||||
| CVE-2020-35949 | 1 Expresstech | 1 Quiz And Survey Master | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file. | |||||
| CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2021-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | |||||
| CVE-2021-33509 | 1 Plone | 1 Plone | 2021-05-24 | 8.5 HIGH | 9.9 CRITICAL |
| Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | |||||
| CVE-2021-22850 | 1 Hgiga | 1 Oaklouds Portal | 2021-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| HGiga EIP product lacks effective access control in certain pages, which allows attackers to access the database or perform privileged functions. | |||||
| CVE-2020-11831 | 1 Oppo | 1 Ovoicemanager | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. | |||||
| CVE-2018-1115 | 2 Opensuse, Postgresql | 2 Leap, Postgresql | 2020-12-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| PostgreSQL before versions 10.4 and 9.6.9 is vulnerable in the adminpack extension: the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. | |||||
| CVE-2020-24355 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2020-09-11 | 10.0 HIGH | 9.8 CRITICAL |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion. | |||||
| CVE-2017-7471 | 1 Qemu | 1 Qemu | 2020-09-10 | 7.7 HIGH | 9.0 CRITICAL |
| Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host. | |||||
| CVE-2019-12102 | 1 Kentico | 1 Kentico | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| ** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions correctly. The vendor states that by default all users can read/modify/upload files, and it’s up to the administrator to decide who should have access to the media library and set the permissions accordingly. See the vendor documentation in the references for more information. | |||||
| CVE-2019-12373 | 1 Ivanti | 1 Landesk Management Suite | 2020-08-24 | 2.7 LOW | 9.0 CRITICAL |
| Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | |||||
| CVE-2018-14916 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2020-08-24 | 9.4 HIGH | 9.1 CRITICAL |
| LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | |||||
| CVE-2019-19915 | 1 Webfactoryltd | 1 301 Redirects | 2020-08-24 | 6.0 MEDIUM | 9.0 CRITICAL |
| The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF. | |||||
| CVE-2019-7958 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Mac Os X, Windows | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-1010009 | 1 Dglogik | 1 Dglux Server | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote Execution, Credential Leaks. The component is: IoT API. The attack vector is: Any Accessible Server. | |||||
| CVE-2018-10171 | 1 Kromtech | 1 Mackeeper | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user. | |||||
| CVE-2018-20871 | 1 Univa | 1 Grid Engine | 2020-08-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890). | |||||
| CVE-2018-11240 | 1 Softcase | 2 T-router, T-router Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018. | |||||
| CVE-2019-1010101 | 1 Akeo | 1 Rufus | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable (ALL executables available). The attack vector is: CWE-29, CWE-377, CWE-379. | |||||
| CVE-2019-12042 | 1 Pandasecurity | 6 Panda Antivirus, Panda Antivirus Pro, Panda Dome and 3 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security. | |||||
| CVE-2018-1000132 | 2 Debian, Mercurial | 2 Debian Linux, Mercurial | 2020-07-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. | |||||
| CVE-2020-12041 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2020-07-08 | 7.5 HIGH | 9.4 CRITICAL |
| The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot. | |||||
| CVE-2018-21081 | 1 Google | 1 Android | 2020-04-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018). | |||||
| CVE-2012-2087 | 1 Ispconfig | 1 Ispconfig | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. | |||||
| CVE-2017-9602 | 1 Kbvault Mysql Project | 1 Kbvault Mysql | 2020-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. | |||||
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2019-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | |||||
| CVE-2019-8071 | 2 Adobe, Microsoft | 2 Download Manager, Windows | 2019-10-21 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-1164 | 1 Zyxel | 2 P-870h-51, P-870h-51 Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540. | |||||
| CVE-2018-15379 | 1 Cisco | 1 Prime Infrastructure | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication. | |||||
| CVE-2018-10612 | 1 Codesys | 12 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Iot2000 Sl and 9 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | |||||
| CVE-2017-9626 | 1 Marel | 2 Pluto1203, Pluto2 | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication. | |||||
| CVE-2018-15681 | 1 Btiteam | 1 Xbtit | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can efficiently brute-force it to retrieve the user's cleartext password. | |||||
