Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-02 | CVE-2017-6404 | Incorrect Default Permissions vulnerability in Veritas Netbackup and Netbackup Appliance An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. | 5.5 |
| 2016-10-13 | CVE-2016-5425 | Incorrect Default Permissions vulnerability in Apache Tomcat The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | 7.8 |
| 2016-04-18 | CVE-2016-3943 | Incorrect Default Permissions vulnerability in Watchguard Panda Endpoint Administration Agent 7.49 Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | 7.8 |
| 2016-04-18 | CVE-2015-7378 | Incorrect Default Permissions vulnerability in Watchguard Panda URL Filtering 4.3.1.8 Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | 7.8 |
| 2013-01-17 | CVE-2013-0632 | Incorrect Default Permissions vulnerability in Adobe Coldfusion administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | 9.8 |
| 2005-06-08 | CVE-2005-1941 | Incorrect Default Permissions vulnerability in Silvercity Project Silvercity SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | 7.8 |
| 2002-12-31 | CVE-2002-1844 | Incorrect Default Permissions vulnerability in Microsoft Windows Media Player 6.3 Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | 7.8 |
| 2002-12-31 | CVE-2002-1713 | Incorrect Default Permissions vulnerability in Mandrakesoft Mandrake Linux 8.2 The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files. | 5.5 |
| 2001-07-21 | CVE-2001-0497 | Incorrect Default Permissions vulnerability in ISC Bind dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | 7.8 |
| 1999-03-01 | CVE-1999-0426 | Incorrect Default Permissions vulnerability in Suse Linux 6.0 The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. | 9.8 |