CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

1E Client Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-02032)

1E Client is an agent-less endpoint management software from 1E 1E Client USA. A security vulnerability exists in 1E Client versions 5.0.0.745, 4.1.0.267, which originates in the %PROGRAMDATA%1EClient directory that allows remote authenticated and local users to create and modify files in...

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

CVE-2020-27643

Affected product: 1E Client (versions 4.1.0.267 and 5.0.0.745). Root cause: MSI installer and related components allow creation of a junction point to a system directory via unreferenced paths, enabling remote authenticated or local users to create/modify files in protected directories. Result: p...

PT-2020-6829 · Unknown · C-Bus Toolkit

Name of the Vulnerable Software and Affected Versions: C-Bus Toolkit versions 1.15.9 and prior Description: A vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. This issue is related to incorrect permission assignment for critical resources, whi...

CVE-2020-8258

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files...

Input validation

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files...

phpMyAdmin 4.0.x < 4.0.10.10 / 4.2.x < 4.2.13.3 / 4.3.x < 4.3.13.1 / 4.4.x < 4.4.6.1 Multiple Vulnerabilities (PMASA-2015-2, PMASA-2015-3)

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.10, 4.2.x prior to 4.2.13.3, 4.3.x prior to 4.3.13.1, or 4.4.x prior to 4.4.6.1. It is, therefore, affected by multiple vulnerabilities. - Multiple cross-site request forger...

Kata Containers Security Vulnerability

Kata Containers is an open source lightweight virtual machine builder from the Kata Containers community. A security vulnerability exists in Kata Containers versions prior to 1.11.5 that stems from an improper file permission vulnerability affecting Kata containers. When using a Kubernetes hostPa...

SAP ERP Client E-Bilanz Access Control Error Vulnerability

SAP ERP is a series of software for ERP management from SAP in Germany. An Access Control Error vulnerability exists in SAP ERP Client E-Bilanz version 1.0, which stems from an installation setting incorrectly setting the default file system permissions in its installation folder, allowing anyone...

Security Update for Microsoft Office 2013 (KB4486725) 32-Bit Edition

A security vulnerability exists in Microsoft Office 2013 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

WordPress Child Theme Creator by Orbisius plugin <= 1.5.1 - Cross-Site Request Forgery (CSRF) to Arbitrary File Modification/Creation vulnerability

Cross-Site Request Forgery CSRF to Arbitrary File Modification/Creation vulnerability found by Chloe Chamberland in WordPress Child Theme Creator by Orbisius plugin versions = 1.5.1. Solution Update the WordPress Child Theme Creator by Orbisius plugin to the latest available version at least 1.5....

Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation

This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution RCE on a vulnerable site’s server. PoC The following will create hello.php in the...

Child Theme Creator by Orbisius < 1.5.2 - CSRF to Arbitrary File Modification/Creation

This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution RCE on a vulnerable site’s server. The following will create hello.php in the...

CVE-2020-18185

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...

CVE-2020-18185

Removed by vendor...

CVE-2020-24046

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be bypassed after changing the properties of the user admin in the operating...

CVE-2020-7119

A vulnerability exists in the Aruba Analytics and Location Engine ALE web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user...

CVE-2020-7119

A vulnerability exists in the Aruba Analytics and Location Engine ALE web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user...

Design/Logic Flaw

A vulnerability exists in the Aruba Analytics and Location Engine ALE web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user...