CWE-276— Incorrect Default Permissions

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.

A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permiss…

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.

Python keyring lib before 0.10 created keyring files with world-readable permissions.

Python keyring has insecure permissions on new databases allowing world-readable files to be created

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.

INSTEON Hub 2242-222 lacks Web and API authentication

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configura…

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configura…

In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configura…

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db.

The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.

The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.

The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no a…

In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges wit…

In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no addit…

In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when th…

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enter…

The module pandora-doomsday infects other modules. It's since been unpublished from the registry.

The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.

An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017).

An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017).

Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymou…

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secur…

The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory o…

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only …

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable.…

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malic…

Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU.

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) a…

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) a…

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs.

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.

Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access.

The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to co…

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.