2671 matches found

RedhatCVE
added 2025/02/05 1:17 p.m. · 9 views

CVE-2020-8473

Insufficient folder permissions used by system functions in ABB System 800xA Base version 6.1 and earlier allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploits the vulnerabilities could escalate his/her...

CVSS 7.8 · AI score 6.8 · EPSS 0.00031
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 1:14 p.m. · 11 views

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

CVSS 9.9 · AI score 7.5 · EPSS 0.49409
Exploits 5

RedhatCVE
added 2025/02/04 11:35 p.m. · 2 views

CVE-2024-48645

In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization CWE-862 allows any user to modify "function" files used by the game when installed on a dedicated server...

CVSS 7.5 · AI score 6.8 · EPSS 0.0015
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 10:16 p.m. · 8 views

CVE-2024-35209

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files...

CVSS 7.5 · AI score 6.7 · EPSS 0.00297
Exploits 0 · References 1

CVE
added 2025/01/28 4:34 p.m. · 63 views

CVE-2025-0781

CVE-2025-0781 affects SimGear/FlightGear: a Nasal scripting sandbox bypass enables writing to arbitrary files the user can modify. Public advisories (Ubuntu USN-7965-1 and Fedora FEDORA-2025-725bba93b2, related Nessus entries) indicate remediation via updates; descriptions also note potential arb...

CVSS 9.9 · AI score 7 · EPSS 0.00042
Exploits 0 · References 5 · Affected Software 1

NVD
added 2025/01/27 10:15 p.m. · 15 views

CVE-2025-24104

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files...

CVSS 5.5 · EPSS 0.03332
Exploits 0 · References 3

CVE
added 2025/01/27 9:45 p.m. · 151 views

CVE-2025-24104

CVE-2025-24104 concerns Apple platforms (iPadOS 17.7.4, iOS 18.3, iPadOS 18.3) where the backup restore process could incorrectly handle symlinks, allowing a malicious backup to point system file reads/writes and potentially modify protected system files. Apple’s advisories indicate the issue is ...

CVSS 5.5 · AI score 7.2 · EPSS 0.03332
Exploits 0 · References 3 · Affected Software 2

CNNVD
added 2025/01/27 12:0 a.m. · 3 views

Apple iOS and iPadOS Link Following Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A link following vulnerability exists in Apple iOS version 18.3 and iPadOS version 18.3, which stems from the fact that restorin...

CVSS 5.5 · AI score 8.8 · EPSS 0.03332
Exploits 0 · References 3

Positive Technologies
added 2025/01/27 12:0 a.m. · 3 views

PT-2025-5282 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iPadOS versions prior to 17.7.4 iOS versions prior to 18.3 iPadOS versions prior to 18.3 Description: The issue is related to the handling of symlinks, which could allow an attacker to modify protected system files by restoring a maliciously...

CVSS 5.5 · AI score 8.8 · EPSS 0.03332
Exploits 0 · References 12

OSV
added 2025/01/23 6:15 p.m. · 3 views

CVE-2024-55930

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2025/01/23 12:0 a.m. · 3 views

PT-2025-3158

Name of the Vulnerable Software and Affected Versions Xerox Workplace Suite versions prior to 5.6.701.9 Description The issue concerns weak default folder permissions in the software, allowing unauthorized users to access, modify, or delete files. There is no information provided about the...

CVSS 9.8 · AI score 5.2 · EPSS 0.00122
Exploits 0 · References 11

Vulnrichment
added 2025/01/15 12:0 a.m. · 5 views

CVE-2024-52783

Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allow attackers to execute arbitrary code via modification of the configuration file...

AI score 7.5 · EPSS 0.00085
Exploits 0 · References 1

CVE
added 2025/01/15 12:0 a.m. · 50 views

CVE-2024-52783

This CVE affects XINJE XDPPro.exe, where versions 3.2.2 through 3.7.17c have insecure permissions in the XNetSocketClient component. The underlying issue is improper access controls on the configuration file, enabling an attacker to modify it and achieve arbitrary code execution. Evidence from mu...

CVSS 5.1 · AI score 7.5 · EPSS 0.00085
Exploits 0 · References 1

Cvelist
added 2025/01/15 12:0 a.m. · 8 views

CVE-2024-52783

Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allow attackers to execute arbitrary code via modification of the configuration file...

EPSS 0.00085
Exploits 0 · References 1

Vulnrichment
added 2025/01/06 12:0 a.m. · 8 views

CVE-2024-46622

An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion...

AI score 7.2 · EPSS 0.00238
Exploits 0 · References 2

CNVD
added 2024/12/25 12:0 a.m. · 8 views

Dell PowerStore Parameter Injection Vulnerability

Dell PowerStore is a scalable all-flash array storage from Dell USA. The Dell PowerStore suffers from a parameter injection vulnerability that originates from improper parameter delimiter neutralization, which can be exploited by an attacker to modify arbitrary system files...

CVSS 7.1 · AI score 7.1 · EPSS 0.0011
Exploits 0 · References 1

NVD
added 2024/12/19 2:15 a.m. · 13 views

CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

CVSS 7.1 · EPSS 0.0011
Exploits 0 · References 1

Vulnrichment
added 2024/12/19 1:40 a.m. · 9 views

CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

CVSS 7.1 · AI score 7 · EPSS 0.0011
Exploits 0 · References 1

Cvelist
added 2024/12/19 1:40 a.m. · 16 views

CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

CVSS 7.1 · EPSS 0.0011
Exploits 0 · References 1

CVE
added 2024/12/19 1:40 a.m. · 55 views

CVE-2024-51532

CVE-2024-51532 affects Dell PowerStore with a vulnerability described as improper neutralization of argument delimiters (parameter injection). The issue can be exploited by a low-privilege attacker with local access to modify arbitrary system files, tied to the PowerStore component handling comma...

CVSS 7.1 · AI score 6.8 · EPSS 0.0011
Exploits 0 · References 1 · Affected Software 1