CVE-2018-1000607

A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins...

CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving 1 control field names, 2 control field values, and 3 control file...

CVE-2003-1281

cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files...

CVE-2003-1246

NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver IPD 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command...

CVE-2016-10848

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck SEC-81...

CVE-2016-10804

The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore SEC-58...

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

CVE-2022-26659

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log...

CVE-2017-18464

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...

CVE-2017-18416

cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update SEC-303...

CVE-2017-18458

cPanel before 62.0.17 allows file overwrite when renaming an account SEC-219...

CVE-2020-12851

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders repositories by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...

CVE-2023-25168

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...

CVE-2023-49788

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...

CVE-2025-23365

A vulnerability has been identified in TIA Administrator All versions V3.0.6. The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code...

CVE-2025-23051

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files...

CVE-2024-34033

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten...

CVE-2024-41183

Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges...

CVE-2024-41971

A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss...

CVE-2019-25295

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site...