Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVEs (1,508)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2749 1Asustor 1Download Center Nov 21, 2024 May 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restri...Show more Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. Show less
CVE-2023-29733 1Dualspace 1Lock Master Jan 14, 2025 May 30, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can c...Show more The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack.Show less
CVE-2023-29732 1Loka 1Solive Jan 9, 2025 May 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, thes...Show more SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.Show less
CVE-2023-29731 1Loka 1Solive Jan 13, 2025 May 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference f...Show more SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.Show less
CVE-2023-28079 1Dell 1Powerpath Nov 21, 2024 May 30, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute...Show more PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. Show less
CVE-2022-45853 1Zyxel 10Gs1900 10hp Firmware Gs1900 16 FirmwareGs1900 24 Firmware+7 more Jan 10, 2025 May 30, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges t...Show more The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.Show less
CVE-2023-32698 1Goreleaser 1Nfpm Nov 21, 2024 May 30, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad...Show more nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders.Show less
CVE-2023-33291 1Ebankit 1Ebankit Jan 14, 2025 May 28, 2023 N/A· v4 7.4 HIGH· v3 N/A· v2 In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mai...Show more In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)Show less
CVE-2023-29919 1Contec 1Solarview Compact Firmware Jan 17, 2025 May 23, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.
CVE-2023-29838 1Allwaysync 1Allwaysync Nov 21, 2024 May 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.
CVE-2023-1693 1Huawei 2Emui Harmonyos Jan 21, 2025 May 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-33240 1Foxit 2Pdf Editor Pdf Reader Jan 21, 2025 May 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege...Show more Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.Show less
CVE-2022-45459 1Acronis 2Agent Cyber Protect Nov 21, 2024 May 18, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2022-45452 1Acronis 2Agent Cyber Protect Nov 21, 2024 May 18, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2023-30281 1Storecommander 1Scquickaccounting Jan 23, 2025 May 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead...Show more Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from ps_customer table sush as name / surname / emailShow less
CVE-2023-32999 1Jenkins 1Appspider Jan 23, 2025 May 16, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting...Show more A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.Show less
CVE-2023-32996 1Jenkins 1Saml Single Sign On Jan 23, 2025 May 16, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to...Show more A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.Show less
CVE-2023-21107 1Google 1Android Jan 24, 2025 May 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User int...Show more In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017Show less
CVE-2023-21104 1Google 1Android Jan 24, 2025 May 15, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...Show more In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771Show less
CVE-2023-27382 1Intel 1Nuc P14e Laptop Element Nov 21, 2024 May 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege...Show more Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.Show less

Previous 1...353637...76 Next