CVE-2005-1941
HIGHSilverCity < 0.9.5_r1 - Local Arbitrary Code Execution via Insecure File Permissions
Title source: llmDescription
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
References (4)
Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014153
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=93558
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200506-05.xml
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15632
Scores
CVSS v3
7.8
EPSS
0.0034
EPSS Percentile
25.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
silvercity_project/silvercity
< 0.9.5_r1
Published
Jun 08, 2005
Tracked Since
Feb 18, 2026