CVE-2016-9210
CVE-2016-9210 affects Cisco Unified Communications Manager’s Unified Reporting Upload Tool. The vulnerability is a directory traversal flaw that allows an unauthenticated, remote attacker to plant/modify arbitrary files on the affected system by submitting a crafted POST request via the CUCM Uni...
CVE-2016-2877
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file...
Avast Endpoint Protection Suite Plus Sandbox Escape Security Bypass Vulnerability
Avast Endpoint Protection Suite Plus is prone to a security bypass vulnerability.
CVE-2016-5763
Vulnerability in Novell Open Enterprise Server OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989 might allow authenticated remote...
CVE-2016-5763
CVE-2016-5763 concerns a vulnerability in Novell Open Enterprise Server (OES). Multiple OES versions (OES2015 SP1 before maintenance update 10992; OES2015 before 10990; OES11 SP3 before 10991; OES11 SP2 before 10989) are described as susceptible. Public sources indicate a file inclusion vulnerab...
SAP TREX Arbitrary File Modification Vulnerability
SAP TREX is a search engine from SAP for the SAP NetWeaver integrated technology platform. An arbitrary file modification vulnerability exists in SAP TREX, which can be exploited by a remote attacker to read and write arbitrary files on the file system...
Server: Edit permission check not enforced on WebDAV COPY action
The WebDAV endpoint was not properly checking the permission on a WebDAV "COPY" action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. For more information please consult the official advisory. This...
GNU Wget download manager vulnerability that allows an attacker to modify arbitrary files
The vulnerability in the GNU Wget download manager is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to remotely modify any files by redirecting requests from HTTP to a specially created FTP server...
IBM Security Privileged Identity Manager Virtual Appliance Arbitrary File Modification Vulnerability
IBM Security Privileged Identity Manager is an identity management product within IBM Identity Governance and Management, an identity governance solution from IBM USA, that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security...
Vulnerability of the 1C-Bitrix web project management system: Website management that allows malicious actors to bypass access restrictions
Vulnerability of the 1C-Bitrix web project management system: Website management related to errors in the integrity control mechanism of the control scripts. Exploiting this vulnerability allows a malicious actor to manipulate the integrity check mechanism and modify files within the system witho...
Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability
A vulnerability in the mounted filesystem of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to access any file, including the right to change the file mode, on a targeted device. The vulnerability is due to insufficient enforcement of filesystem permissions. An attacker...
CVE-2016-2826
The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file...
PHP interpreter vulnerability that allows an attacker to modify arbitrary files
The vulnerability in PharData in the PHP interpreter relates to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows an attacker to modify arbitrary files by adding the symbol “..” to the pathname of the ZIP archive during the extractTo operation...
Hexchat IRC Client Directory Traversal Vulnerability
Hexchat, formerly known as XChat-WDK, is cross-platform IRC (Internet Relay Chat) communications software. Hexchat IRC Client is one of the IRC client products based on XChat. Hexchat IRC Client version 2.11.0 has a directory traversal vulnerability in the 'logcreatepathname' function in...
InfoSphere Information Server software platform vulnerability that allows an attacker to circumvent existing access restrictions
The vulnerability in the InfoSphere Information Server software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions by modifying the cookie file...
CVE-2016-2288
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file...
Android system privilege escalation vulnerabilities - vulnerability warning - the black bar safety net
1. Preamble. 1.1 What is root? Root, as used here, means privilege escalation on the system, typically on Android mobile phones: it lets the user obtain superuser permissions on the Android operating system. Root is generally used to help users over the phone to...