The vulnerability of the iphlpsvc.dll library in the Windows operating system allows a hacker to elevate their privileges and modify arbitrary files.

The vulnerability of the iphlpsvc.dll library in the Windows operating system is related to errors during file creation. Exploiting this vulnerability can allow attackers to enhance their privileges and modify arbitrary files using a specially created application...

CVE-2019-7194

CVE-2019-7194 is a QNAP Photo Station path-traversal vulnerability (external control of file name/path) that allows remote access to or modification of files. Affected: QNAP Photo Station (versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier). Impact per sources: remote access/modification of sys...

CVE-2019-7195

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

QNAP Photo Station Multiple Vulnerabilities (NAS-201911-25)

QNAP Photo Station is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

PT-2019-6063 · Qnap · Qnap Photo Station

Name of the Vulnerable Software and Affected Versions: QNAP Photo Station affected versions not specified Description: The issue allows remote attackers to access or modify system files due to an external control of file name or path vulnerability. This vulnerability is related to incorrect...

The vulnerability of the DIGSI 5 software and SIPROTEC 5 devices lies in the insufficient validation of input data. This allows attackers to obtain, modify, and delete files within the system.

The vulnerability of the DIGSI 5 software and the SIPROTEC 5 devices is related to insufficient verification of input data. Exploiting this vulnerability allows a remote attacker to obtain, modify, and delete files in certain parts of the system by sending specially crafted packets to port 443/TC...

WordPress orbisius-child-theme-creator plugin arbitrary file modification vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. orbisius-child-theme-creator is a child theme builder plugin used in it. An arbitrary file modification vulnerability exists in the...

CVE-2015-9456

The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax&subcmd=savefile theme1, theme1file, or theme1filecontents parameter...

Design/Logic Flaw

The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax&subcmd=savefile theme1, theme1file, or theme1filecontents parameter...

CVE-2015-9456

The CVE concerns the WordPress plugin “orbisius-child-theme-creator” (before version 1.2.8). The issue is incorrect access control on file modification via wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file with parameters theme_1, theme_1_file, or theme_1_file_conten...

PYSEC-2019-125

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact...

Design/Logic Flaw

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact...

CVE-2019-16941

NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An...

DEBIAN-CVE-2019-3689

The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If...

MGASA-2019-0263 Updated sympa packages fix security vulnerability

Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa...

CVE-2019-1939

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...

Design/Logic Flaw

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...

Cisco Webex Teams Injection Vulnerability

Cisco Webex Teams is a team collaboration application from Cisco USA. The program includes video conferencing, group messaging and file sharing features. An injection vulnerability exists in Cisco Webex Teams. A remote attacker could exploit this vulnerability to modify files and execute arbitrar...

CVE-2019-1973

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

Unrestricted file upload

A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal o...