Arbitrary File Modification Vulnerability in WMCMS
WMCMS is a free and open-source professional Chinese labeling system developed with PHP + MySQL at its core. An arbitrary file modification vulnerability exists in WMCMS; an attacker can use the vulnerability to modify any file...
Cisco Webex Teams Logging Feature Command Execution Vulnerability
According to its self-reported version, Cisco Webex Teams client for Windows is affected by a command execution vulnerability due to improper restrictions on software logging features. An unauthenticated, remote attacker could exploit this vulnerability by convincing a targeted user to visit a...
Access Control Error Vulnerability in Multiple ABB Products
ABB OPCServer for AC800M and others are products of ABB Switzerland. ABB OPCServer for AC800M is an OPC (OLE for Process Control) server for AC800M. Control Builder M Professional is a Compact Control Builder. MMSServer for AC800M is an MMS server for AC800M. An Access Control Error vulnerability...
CVE-2020-8961
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific...
Design/Logic Flaw
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their...
cPanel File Modification Vulnerability
cPanel is a web-based hosting control management system from the U.S. company cPanel. A file modification vulnerability exists in cPanel versions prior to 84.0.20. An attacker can use a demo account to exploit this vulnerability to modify files via Branding API calls...
CVE-2020-10118
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)...
CVE-2020-10118
CVE-2020-10118 affects cPanel before 84.0.20 via the Branding API, where a demo account can modify files. The Red Hat/CNVD entries corroborate the same issue (file modification via Branding API). The vulnerability is tied to cPanel’s Branding API handling, enabling unauthorized file changes with ...
Arbitrary file modification vulnerability in the gold micro cell phone mall system of Hubei Tao code thousand dimensional information technology limited company
The Jinwei mobile mall system is suited to micro-business customers with a public number. It imitates the page layout of the hand Tao and supports embedded video playback. It supports customized model specifications, the main specifications support attached pictures, and each subdivided model supports inventory...
CVE-2020-8658
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...
VulnCheck KEV: CVE-2019-9489
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan versions XG and 11.0, and Worry-Free Business Security versions 10.0, 9.5 and 9.0 could allow an attacker to modify arbitrary files on the affected product's management console...
CVE-2012-3808
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification...
Design/Logic Flaw
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification...
CVE-2012-3808
CVE-2012-3808 concerns Samsung Kies. The connected docs confirm a vulnerability class of Arbitrary File Modification in Kies versions prior to 2.5.0.12094_27_11, caused by insecure operations in the CmdAgentLib/CmdAgent dlls (ICommandAgent interface) used by Kies’ firmware update component. The a...
CVE-2012-3808
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification...
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA (with initial releases before 1 January 2019) which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
CVE-2019-6854
CVE-2019-6854 concerns an improper authentication vulnerability in EcoStruxure Geo SCADA Expert (ClearSCADA). The issue is located in a folder within the product and, if exploited by a low-privilege user who has OS filesystem access, could allow deletion or modification of database, settings, or ...
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA (with initial releases before 1 January 2019) which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
CVE-2019-19695
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 v9.0.1379 and below could potentially allow an attacker to create a symbolic link to a target file and modify it...
Trend Micro Antivirus for Mac privilege escalation vulnerability (CNVD-2020-03732)
Trend Micro Antivirus for Mac is antivirus software for the Mac platform from Trend Micro. A privilege escalation vulnerability exists in Trend Micro Antivirus for Mac 2019 9.0.1379 and earlier versions, which can be exploited by an attacker to create a symbolic link to a target file and modify the fi...