177 matches found
CVE-2019-17575
CVE-2019-17575 applies to WBCE CMS 1.4.0 and earlier. A vulnerability in the admin/media/rename.php file forms a file-rename filter bypass, enabling an authenticated admin to rename a media file and extension in a way that results in executing arbitrary PHP code on the server. The documented exam...
Information Disclosure
php is vulnerable to information disclosire. File rename across filesystems may allow unintended access to the file being renamed while the process is on-going...
php: File rename across filesystems may allow unwanted access during processing
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
CVE-2017-18449
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...
CVE-2017-18449
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...
Code injection
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...
CVE-2017-18449
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...
CVE-2017-18449
CVE-2017-18449 affects cPanel prior to 64.0.21. The issue enables certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). The vulnerability is caused by insufficient validation of file rename actions within the specified script path,...
CVE-2018-20893
cPanel before 74.0.0 allows file-rename operations during account renames SEC-442...
CVE-2018-20893
cPanel before 74.0.0 allows file-rename operations during account renames SEC-442...
Design/Logic Flaw
cPanel before 74.0.0 allows file-rename operations during account renames SEC-442...
CVE-2018-20893
cPanel before 74.0.0 allows file-rename operations during account renames SEC-442...
CVE-2018-20893
Affected software: cPanel. Vulnerability: core issue allows file-rename operations during account renames (SEC-442) prior to version 74.0.0. Root cause details are not expanded beyond this description in the provided documents. Impact: exposes unintended file-rename behavior during account rename...
The vulnerability of the ext4_xattr_set_entry() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ext4xattrsetentry function in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure during the renaming of a file in a specially created ext4 file system image...
CVE-2019-9637
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
CVE-2019-9637
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
Unspecified Vulnerability in WordPress Media File Manager
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Media File Manager plugin is a media library folder/category management plugin used in it. An unspecified vulnerability exis...
kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4xattrsetentry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image...
AppArmor Filesystem Blacklisting Bypass
AppArmor: filesystem blacklisting can be bypassed by moving parents Some AppArmor policies attempt to blacklist access to specific directories while broadly granting write access to everything else. For example, the Firefox profile uses the user-files abstraction, which broadly permits write acce...
Google gVisor File Renaming Vulnerability
gVisor is Google's open source new sandbox container runtime environment . A file renaming vulnerability exists in Google gVisor. The vulnerability stems from Google gVisor's seccomp sandbox allowing access to the renameat system call. An attacker could exploit this vulnerability to rename files ...