
2671 matches found

Cvelist
added 2023/05/23 12:00 a.m. · 15 views

CVE-2023-29919

SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted...

9.3 AI score · 0.92705 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/05/20 12:00 a.m. · 4 views

PT-2023-22476 · Unknown · Solarview Compact

Name of the Vulnerable Software and Affected Versions: SolarView Compact versions 6.0 and earlier. Description: The issue allows any file on the server to be read or modified due to insecure permissions. This is because the texteditor.php file is not restricted, leading to potential unauthorized...

9.8 CVSS · 8.9 AI score · 0.92705 EPSS
Exploits 1 · References 7
OSV
added 2023/05/04 2:15 a.m. · 2 views

CVE-2023-25438

An issue discovered in Genomedics MilleGP5 5.9.2 allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files...

7.8 CVSS · 7.4 AI score · 0.01367 EPSS
Exploits 4 · References 2
Prion
added 2023/05/04 2:15 a.m. · 19 views

Code injection

An issue discovered in Genomedics MilleGP5 5.9.2 allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files...

4.3 CVSS · 8.1 AI score · 0.01367 EPSS
Exploits 4 · References 2 · Affected Software 1
Vulnrichment
added 2023/04/27 12:00 a.m. · 5 views

CVE-2023-26244

An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml...

7.6 AI score · 0.00086 EPSS
Exploits 1 · References 3
NVD
added 2023/04/26 6:15 p.m. · 7 views

CVE-2023-29268

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...

9.8 CVSS · 9.6 AI score · 0.00549 EPSS
Exploits 0 · References 1
OSV
added 2023/04/26 6:15 p.m. · 2 views

CVE-2023-29268

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...

9.8 CVSS · 7.4 AI score · 0.00549 EPSS
Exploits 0 · References 1
CNNVD
added 2023/04/26 12:00 a.m. · 3 views

TIBCO Software Spotfire Statistics Services Code Issue Vulnerability

TIBCO Software Spotfire Statistics Services is a comprehensive library of statistics and data algorithms based on the TERR engine or other engines from TIBCO Software, USA. A security vulnerability exists in TIBCO Software Spotfire Statistics Services, which originates in the Splus Server compone...

9.8 CVSS · 8.6 AI score · 0.00549 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/04/20 12:00 a.m. · 2 views

PT-2023-9257 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: Gogs versions 0.13.0 and earlier. Description: The issue allows an attacker to delete or modify arbitrary files on a vulnerable Gogs server. This can be exploited by a remote attacker. Unprivileged user accounts can execute arbitrary commands ...

9.9 CVSS · 7.1 AI score · 0.07233 EPSS
Exploits 0 · References 32
Vulnrichment
added 2023/04/18 3:50 p.m. · 10 views

CVE-2023-28141 NTFS Junction

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized...

6.7 CVSS · 6.4 AI score · 0.00053 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2023/04/11 12:00 a.m. · 21 views

Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25160)

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...

4.9 CVSS · 6.7 AI score · 0.06151 EPSS
Exploits 2 · References 5
Tenable Nessus
added 2023/04/11 12:00 a.m. · 37 views

Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25159)

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...

8.5 CVSS · 7.1 AI score · 0.08149 EPSS
Exploits 3 · References 5
Tenable Nessus
added 2023/04/11 12:00 a.m. · 28 views

Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25155)

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...

8.5 CVSS · 6.9 AI score · 0.0868 EPSS
Exploits 5 · References 6
Prion
added 2023/03/27 4:15 a.m. · 14 views

Improper access control

WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL...

4 CVSS · 6.4 AI score · 0.00191 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2023/03/23 12:15 p.m. · 10 views

CVE-2022-4224

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device...

8.8 CVSS · 8.5 AI score · 0.01126 EPSS
Exploits 0 · References 1
IBM Security Bulletins
added 2023/03/22 10:41 p.m. · 18 views

Security Bulletin: IBM Watson CloudPak for Data Data Stores is vulnerable to allowing a user with physical access and specific knowledge of the system to modify files or data on the system. (CVE-2023-26282)

Summary: IBM Watson CP4D Data Stores could allow a user with physical access and specific knowledge of the system to modify files or data on the system. Vulnerability Details: CVEID: CVE-2023-26282. DESCRIPTION: IBM Watson CP4D Data Stores could allow a user with physical access and specific knowledg...

4.2 CVSS · 4 AI score · 0.00025 EPSS
Exploits 0 · Affected Software 1
NVD
added 2023/03/08 11:15 p.m. · 10 views

CVE-2021-33639

The REMAP cmd of the SVM driver can be used to remap read-only memory as read-write, causing read-only memory or files to be modified...

7.5 CVSS · 7.5 AI score · 0.00231 EPSS
Exploits 0 · References 1
OSV
added 2023/03/01 8:15 a.m. · 2 views

CVE-2022-27677

Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user...

7.8 CVSS · 6.2 AI score · 0.00104 EPSS
Exploits 0 · References 1
NVD
added 2023/03/01 8:15 a.m. · 11 views

CVE-2022-27677

Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user...

7.8 CVSS · 8.1 AI score · 0.00104 EPSS
Exploits 0 · References 1
F5 Networks
added 2023/02/21 8:02 p.m. · 56 views

K16965: bzip2 vulnerabilities CVE-2005-0953 and CVE-2005-1260

Security Advisory Description: CVE-2005-0953: Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete...

5 CVSS · 6.3 AI score · 0.09796 EPSS
Exploits 0