An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.
CWE-732
CVE-2018-17775
Seqrite End Point Security v7.4 has “Everyone: (F)” permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVE-2018-17776
PCProtect Anti-Virus v4.8.35 has “Everyone: (F)” permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVE-2018-17766
Ingenico Telium 2 POS Telium2 OS allows bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
CVE-2018-1750
IBM Security Key Lifecycle Manager 3.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 148511.
CVE-2018-17305
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators), leading to privilege escalation and remote code execution.