Ivanti Secure Access Client Security Vulnerability
Ivanti Secure Access Client is a security software client from Ivanti. A security vulnerability exists in Ivanti Secure Access Client versions prior to 22.5R1 that stems from allowing logged-in users to modify specific files, which could result in unauthorized changes to system-wide...
Path traversal
PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...
CVE-2023-47109 PrestaShop blockreassurance BO user can remove any file from the server when adding and deleting a block
PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...
CVE-2022-2441
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...
CVE-2023-27133
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
A vulnerability in Omron Sysmac Studio, a software development environment for automating and managing production processes, is related to access control errors and allows an attacker to modify arbitrary files.
A vulnerability in Omron Sysmac Studio, software for automating and managing manufacturing processes, is related to access control errors. Exploiting this vulnerability could allow an attacker to modify arbitrary files...
CVE-2023-42819
JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker ca...
Jumpserver Path Traversal Vulnerability
JumpServer is an open source bastion host from China's Hangzhou Feizhiyun Information Technology Co. JumpServer suffers from a path traversal vulnerability that arises because a logged-in user can access and modify the contents of any file on the system...
PT-2023-7007 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.6.5 Description: The issue is related to incorrect restriction of a directory path with limited access in the JumpServer security audit system. This can allow a remote attacker to gain unauthorized access to...
CVE-2022-47558
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...
open-vm-tools security update
11.0.5-3.0.1 - fix spaces in vmware udev rule for scsi devices Orabug: 24461968 - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. Orabug: 22815019 - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified sp...
PT-2023-5880 · Omron · Omron Sysmac Studio
Name of the Vulnerable Software and Affected Versions: Omron Sysmac Studio affected versions not specified Description: The issue is related to poor permissions in a directory where executables are installed, allowing a locally-authenticated attacker to overwrite files. This can result in code...
GHSA-CGWF-W82Q-5JRR Apache Commons Compress denial of service vulnerability
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...
CVE-2023-42503 Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...
CVE-2023-35845
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...
A vulnerability in the CryptoService function of software for monitoring the status of devices connected to a network allows an attacker to modify arbitrary files.
A vulnerability in the CryptoService function of Cisco Duo Device Health, software for monitoring the status of devices connected to a network, is related to an incorrect restriction of a path name to a restricted directory. Exploiting this vulnerability could allow an attacker to modify...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification Vulnerability
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root...
Dell PowerScale OneFS License Issue Vulnerability (CNVD-2023-64215)
Dell PowerScale OneFS is an operating system from Dell (USA) that provides horizontally scalable NAS. Dell PowerScale OneFS suffers from an authorization vulnerability that stems from incorrect default permissions. An attacker could exploit this vulnerabilit...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification
KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit Advisory ID: KL-001-2023-003 Publication Date: 2023.08.17 Publication URL:...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
Vulnerability Details Affected Vendor: ThousandEyes Affected Product: ThousandEyes Enterprise Agent Virtual Appliance Affected Version: thousandeyes-va-64-18.04 0.218 Platform: Linux / Ubuntu 18.04 CWE Classification: CWE-1395: Dependency on Vulnerable Third-Party Component CVE ID:...