2666 matches found
CVE-2019-5585
An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes...
Improper access control
An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes...
CVE-2019-3827
CVE-2019-3827 affects gvfs prior to 1.39.4. A flawed permission check in the admin backend allows reading and modifying arbitrary files by privileged users when no authentication agent is running, enabling local privilege escalation under certain system configurations. Multiple connected advisori...
elFinder PHP Connector < 2.1.48 - exiftran Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is...
Tar: Denial of service
Background: The Tar program provides the ability to create and manipulate tar archives. Description: The sparse_dump_region function in sparse.c file in Tar allows an infinite loop using the --sparse option. Impact: A local attacker could cause a Denial of Service condition by modifying a file that is...
Arbitrary File Modification
github.com/go-gitea/gitea is vulnerable to arbitrary file deletion. The vulnerability exists due to a missing check on file path values, allowing DeleteFilePost to cause arbitrary deletion, and EditFilePost/UploadFilePost to cause arbitrary file modification...
A vulnerability in the Cisco SD-WAN software-defined network, caused by insufficient validation of input data, allows an attacker to modify arbitrary files and escalate their privileges.
The vulnerability in the Cisco SD-WAN software-defined network exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to modify arbitrary files and elevate their privileges to root by changing the “save” command in the command interface...
A vulnerability in the Vim text editor on the Astra Linux operating system allows an attacker to circumvent the restrictions imposed by the security policy.
The vulnerability in the Vim text editor on the Astra Linux operating system is caused by improper saving of security attributes when files are modified. Exploiting this vulnerability allows an attacker to circumvent the restrictions imposed by the security policy...
CVE-2018-18812
The CVE-2018-18812 vulnerability affects TIBCO Spotfire Analytics Platform for AWS Marketplace (and TIBCO Spotfire Server) when using external storage for the Spotfire Library. The issue may theoretically allow users with read-only access to modify files stored in the Spotfire Library, under affe...
CleanMyMac X removeDiagnosticLogs privilege escalation vulnerability
Summary: The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. Tested Versions: Clean My Mac X 4.04. Product URLs: https://macpaw.com/cleanmymac...
imcat Arbitrary PHP Code Execution Vulnerability
imcat is a PHP-based open source website building system. A security vulnerability exists in imcat version 4.4. Remote attackers can use the root/run/adm.php file to modify the boot/bootskip.php file and exploit the vulnerability to execute arbitrary PHP code...
A vulnerability in the Cisco Digital Network Architecture (DNA) Center network management system, caused by insecure default configuration settings, allows attackers to bypass authentication procedures, gain access to system files, and modify them.
The vulnerability in the Cisco Digital Network Architecture (DNA) Center network management system arises from insecure default configuration settings. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures, gain access to system files, and modify them...
Design/Logic Flaw
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file...
CVE-2017-1418
CVE-2017-1418 affects IBM Integration Bus and WebSphere Message Broker, with insecure file permissions on certain files that allow a local attacker to modify or delete them. Affected products/versions per the sources: IBM Integration Bus V10.0.0.0–10.0.0.11 and V9.0.0.0–9.0.0.10; WebSphere Messag...
Code injection
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9 has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406...
Apple macOS file modification vulnerability
macOS is Apple's proprietary operating system for the Mac line of products. A file modification vulnerability exists in the EFI component in Apple macOS High Sierra 10.13.6, macOS Mojave 10.14. A local user can exploit the vulnerability to modify protected portions of the file system...
Photo Nettoyeur 1.4.5 Insecure File Permission Vulnerability
Exploit for Windows platform in category local exploits. Exploit Title: Photo Nettoyeur 1.4.5 - Insecure File Permission. Exploit Author: ZwX. Vendor Homepage: http://www.marseillesoft.com/ Link Software :...
CVE-2018-14808
Emerson AMS Device Manager (AMS DM) versions 12.0–13.5 are affected by CVE-2018-14808 (CWE-269). The root cause is improper privilege management, allowing non-administrative users to overwrite or modify executable and library files, potentially impacting integrity and availability as per NVD/ICS ...