Nikola Pepelishev

**Name of the Vulnerable Software and Affected Versions** XeroSecurity Sn1per version 9.0 **Description** The issue arises from insecure permissions set during application execution, allowing an unprivileged user to modify the application, its modules, and configuration files. This results in arbitrary code execution with root privileges. **Recommendations** For XeroSecurity Sn1per version 9.0, consider changing the permissions from 0777 to a more secure setting to prevent unauthorized modifications and arbitrary code execution. As a temporary workaround, restrict access to the application and its configuration files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** XeroSecurity Sn1per version 9.0 **Description** The issue is related to insecure directory permissions set during installation, allowing an unprivileged user to modify the main application and its configuration file. This results in arbitrary code execution with root privileges. **Recommendations** For XeroSecurity Sn1per version 9.0, consider changing the directory permissions to a more secure setting to prevent unauthorized modifications. As a temporary workaround, restrict access to the application's configuration file to minimize the risk of exploitation.