Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-21 | CVE-2019-19392 | Incorrect Default Permissions vulnerability in Fordnn Usersexportimport The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | 9.8 |
| 2020-01-17 | CVE-2019-14601 | Incorrect Default Permissions vulnerability in Intel Raid web Console 3 4.186/7.009.011.000 Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2020-01-14 | CVE-2020-5196 | Incorrect Default Permissions vulnerability in Cerberusftp FTP Server Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. | 8.1 |
| 2020-01-10 | CVE-2019-19475 | Incorrect Default Permissions vulnerability in Zohocorp Manageengine Applications Manager 14.3 An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. | 8.8 |
| 2020-01-09 | CVE-2012-4434 | Incorrect Default Permissions vulnerability in Cipherdyne Fwknop 2.0/2.0.1/2.0.2 fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code. | 8.8 |
| 2020-01-09 | CVE-2020-6166 | Incorrect Default Permissions vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. | 5.4 |
| 2020-01-08 | CVE-2019-11765 | Incorrect Default Permissions vulnerability in Mozilla Firefox A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. | 6.5 |
| 2020-01-08 | CVE-2020-0009 | Incorrect Default Permissions vulnerability in multiple products In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. | 5.5 |
| 2020-01-06 | CVE-2019-16716 | Incorrect Default Permissions vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.2 has Incorrect Access Control. | 6.6 |
| 2019-12-27 | CVE-2013-4859 | Incorrect Default Permissions vulnerability in Insteon HUB Firmware 2242222 INSTEON Hub 2242-222 lacks Web and API authentication | 8.1 |