
2671 matches found

CNNVD
added 2022/10/28 12:00 a.m., 2 views

QTIWorks path traversal vulnerability

QTIWorks is a standards-based evaluation delivery software suite from individual developer Dave McKain. A security vulnerability exists in versions of QTIWorks prior to QTIWorks 1.0-beta15 that stems from allowing users to upload QTI content packages as ZIP files, where the ZIP processing code do...

CVSS 8.6 | AI score 6.7 | EPSS 0.00431
Exploits: 1 | References: 4
Vulnrichment
added 2022/10/18 2:46 a.m., 5 views

CVE-2022-22248 Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...

CVSS 7.3 | AI score 7.3 | EPSS 0.00032
Exploits: 0 | References: 1
OSV
added 2022/10/03 2:15 p.m., 2 views

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

CVSS 5.3 | AI score 5.9
Exploits: 0 | References: 1
OSV
added 2022/09/30 8:15 p.m., 1 views

CVE-2022-34429

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

CVSS 7.1 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 1
Prion
added 2022/09/27 11:15 p.m., 17 views

Stack overflow

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another...

CVSS 3.5 | AI score 7 | EPSS 0.00054
Exploits: 0 | References: 2 | Affected Software: 3
NVD
added 2022/09/08 11:15 a.m., 16 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

CVSS 10 | EPSS 0.93785
Exploits: 0 | References: 2
OSV
added 2022/09/08 11:15 a.m., 1 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

CVSS 9.1 | AI score 5.7 | EPSS 0.93785
Exploits: 0 | References: 2
ATTACKERKB
added 2022/09/06 6:15 p.m., 1 views

CVE-2022-30298

An improper privilege management vulnerability CWE-269 in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...

CVSS 7.8 | AI score 7.3 | EPSS 0.00109
Exploits: 0 | References: 2
Fortinet
added 2022/09/06 12:00 a.m., 30 views

FortiADC -- Read-Only user able to modify system files

An improper privilege management vulnerability CWE-269 in FortiADC may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access...

AI score 4.7 | EPSS 0.0014
Exploits: 0 | Affected Software: 2
CNNVD
added 2022/09/06 12:00 a.m., 2 views

Fortinet FortiADC security vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. Fortinet FortiADC is vulnerable to an authorization issue, which stems from improper privilege management. An attacker could exploit the vulnerability to modify system files using a shell...

CVSS 6.5 | AI score 6.9 | EPSS 0.0014
Exploits: 0 | References: 2
Cvelist
added 2022/08/23 12:00 a.m., 19 views

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

AI score 8 | EPSS 0.00038
Exploits: 0 | References: 5
CNNVD
added 2022/08/18 12:00 a.m., 1 views

McAfee Security Scan Plus security vulnerability

McAfee Security Scan Plus (MSS+) is a tool from McAfee, Inc. that protects computers from spyware and viruses. A security vulnerability exists in versions of McAfee Security Scan Plus (MSS+) prior to 4.1.262.1, which stems from faulty privilege management that could allow a local user to modify...

CVSS 7.8 | AI score 7.8 | EPSS 0.00043
Exploits: 0 | References: 4
OSV
added 2022/08/13 11:40 p.m., 28 views

CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

CVSS 5 | AI score 5.2 | EPSS 0.00247
Exploits: 0 | References: 4
GithubExploit
added 2022/06/29 8:48 a.m., 19 views

Exploit for CVE-2022-30190

CVE-2022-30190EXPPowerPoint This is exploit of CVE-2022-301...

CVSS 9.3 | AI score 7.5 | EPSS 0.93596
Exploits: 61
BDU FSTEC
added 2022/06/29 12:00 a.m., 2 views

The vulnerability of the Data Server database in the interactive graphical SCADA system allows an intruder to gain access to read, modify, or delete files.

The vulnerability of the Data Server database in the Interactive Graphical SCADA System (IGSS) is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, or delete files by sending specially crafted messages...

CVSS 9 | AI score 7.7 | EPSS 0.00251
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2022/06/29 12:00 a.m., 2 views

The vulnerability of the application deployment automation tool in Kubernetes ArgoCD, related to writing beyond the buffer in memory, allows a malicious actor to write or modify any YAML file.

The vulnerability of the Kubernetes ArgoCD application deployment automation tool relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to write or modify any YAML file...

CVSS 5.5 | AI score 5.6 | EPSS 0.00261
Exploits: 0 | References: 2 | Affected Software: 2
OSV
added 2022/06/16 11:13 p.m., 1 views

GHSA-Q874-G24W-4Q9G Jupyter server Token bruteforcing

Affects: Notebook and Lab between 6.4.0? (potentially earlier) and 6.4.11 (currently latest). Jupyter Server =1.16.0. If I am correct about the responsible code it will affect Jupyter-Server 1.17.0 and 2.0.0a0 as well. Description: If notebook server is started with a value of rootdir that contains th...

CVSS 7.1 | AI score 7.2 | EPSS 0.00268
Exploits: 0 | References: 6
CNNVD
added 2022/06/14 12:00 a.m., 4 views

Jupyter Server security vulnerability

Jupyter Server is a Jupyter community application used to provide back-end services for Jupyter web applications. A security vulnerability exists in Jupyter Server versions prior to 1.17.1. An attacker could exploit this vulnerability to disclose access tokens to a malicious third party and modif...

CVSS 9 | AI score 7.9 | EPSS 0.00268
Exploits: 0 | References: 2
OSV
added 2022/06/03 5:15 p.m., 5 views

MGASA-2022-0216 Updated webmin packages fix security vulnerability

Less privileged Webmin users (excluding those created by Virtualmin and Cloudmin) can modify arbitrary files with root privileges, and so run commands as root (CVE-2022-30708)...

CVSS 8.8 | AI score 8.7 | EPSS 0.04705
Exploits: 1 | References: 4
BDU FSTEC
added 2022/05/31 12:00 a.m., 2 views

The vulnerability of the CLI component of Cisco SD-WAN microprogramming software allows a hacker to enhance their privileges.

The vulnerability of the CLI component of Cisco SD-WAN microprogramming software is related to access control deficiencies. Exploiting this vulnerability can allow attackers to enhance their privileges by modifying certain files on the vulnerable device...

CVSS 7.8 | AI score 6.5 | EPSS 0.00129
Exploits: 0 | References: 2 | Affected Software: 1