2666 matches found
Design/Logic Flaw
The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below allows renaming and modifying files via /tools.html...
CVE-2017-17738
The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below allows renaming and modifying files via /tools.html...
CVE-2017-17738
Summary: CVE-2017-17738 affects BrightSign Digital Signage (4k242) devices with firmware 6.2.63 and earlier. The vulnerability allows renaming and modifying files via the web page /tools.html, as described in CNVD/NVD entries for this device. Public write-access via a web interface is indicated, ...
CVE-2017-7501
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to...
The vulnerability of the ServerProtect security tool, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code with root privileges or modify any files as desired.
The vulnerability of the ServerProtect security tool exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to modify arbitrary files or execute arbitrary code with root privileges, by exploiting the absence of software update checks...
Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011170) farm-deployment
A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
DEBIAN-CVE-2017-1000115
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository...
CVE-2017-1000115
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository...
Command injection
The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname"...
The vulnerability of the component supported by Git-style software, the GNU Patch Unix utility for operating systems like Ubuntu and Fedora, allows a hacker to modify any files they desire.
The vulnerability of the Git-style programmatic Unix utility GNU Patch for operating systems like Ubuntu and Fedora is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows a malicious actor to remotely modify arbitrary files with the target user’s...
The vulnerability of the Apport service on the Ubuntu operating system allows a hacker to obtain root privileges and modify any files they desire.
The vulnerability of the Apport service on the Ubuntu operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally, to obtain root privileges and modify arbitrary files by improperly handling permissions when creating...
CVE-2017-14159
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...
CVE-2017-14102
MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, as...
Privilege escalation
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd...
Command injection
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command. NOTE: t...
LvyeCms CustompageController.class.php file has a logical design flaw
LvyeCms 旅烨cms is a php content management system based on ThinkPHP. A logical design vulnerability exists in the LvyeCms CustompageController.class.php file. An attacker can exploit the vulnerability to write, modify, or delete any file in the system...
Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...
FineCMS multi vulnerablity
Reflected XSS in getimage.php Technical Description: file /application/lib/ajax/getimage.php the $POST'id' and $POST'name' and $GET'folder' without any validated, sanitised or output encoded. Proof of ConceptPoC http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...