Lucene search
K

177 matches found

CVE
CVE
added 2019/10/14 2:7 p.m.75 views

CVE-2019-17575

CVE-2019-17575 applies to WBCE CMS 1.4.0 and earlier. A vulnerability in the admin/media/rename.php file forms a file-rename filter bypass, enabling an authenticated admin to rename a media file and extension in a way that results in executing arbitrary PHP code on the server. The documented exam...

7.2CVSS7.2AI score0.01437EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2019/08/20 12:10 a.m.61 views

Information Disclosure

php is vulnerable to information disclosire. File rename across filesystems may allow unintended access to the file being renamed while the process is on-going...

7.5CVSS2.4AI score0.07347EPSS
Exploits0References16Affected Software2
RedHat Linux
RedHat Linux
added 2019/08/19 8:42 a.m.3 views

php: File rename across filesystems may allow unwanted access during processing

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

7.5CVSS7.2AI score0.07347EPSS
Exploits0References4
OSV
OSV
added 2019/08/02 5:15 p.m.2 views

CVE-2017-18449

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...

5.5CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2019/08/02 5:15 p.m.17 views

CVE-2017-18449

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...

5.5CVSS5.6AI score0.0034EPSS
Exploits0References2
Prion
Prion
added 2019/08/02 5:15 p.m.24 views

Code injection

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...

2.1CVSS5.5AI score0.0034EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/02 4:23 p.m.18 views

CVE-2017-18449

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convertroundcubemysql2sqlite SEC-254...

5.6AI score0.0034EPSS
Exploits0References1
CVE
CVE
added 2019/08/02 4:23 p.m.45 views

CVE-2017-18449

CVE-2017-18449 affects cPanel prior to 64.0.21. The issue enables certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). The vulnerability is caused by insufficient validation of file rename actions within the specified script path,...

5.5CVSS5.5AI score0.0034EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/08/01 2:15 p.m.21 views

CVE-2018-20893

cPanel before 74.0.0 allows file-rename operations during account renames SEC-442...

2.3CVSS3.9AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2019/08/01 2:15 p.m.2 views

CVE-2018-20893

cPanel before 74.0.0 allows file-rename operations during account renames SEC-442...

2.3CVSS5.8AI score0.00347EPSS
Exploits0References2
Prion
Prion
added 2019/08/01 2:15 p.m.17 views

Design/Logic Flaw

cPanel before 74.0.0 allows file-rename operations during account renames SEC-442...

2.1CVSS4.2AI score0.00347EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/01 1:10 p.m.23 views

CVE-2018-20893

cPanel before 74.0.0 allows file-rename operations during account renames SEC-442...

3.9AI score0.00347EPSS
Exploits0References1
CVE
CVE
added 2019/08/01 1:10 p.m.39 views

CVE-2018-20893

Affected software: cPanel. Vulnerability: core issue allows file-rename operations during account renames (SEC-442) prior to version 74.0.0. Root cause details are not expanded beyond this description in the provided documents. Impact: exposes unintended file-rename behavior during account rename...

2.3CVSS4.2AI score0.00347EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/03/13 12:0 a.m.5 views

The vulnerability of the ext4_xattr_set_entry() function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ext4xattrsetentry function in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure during the renaming of a file in a specially created ext4 file system image...

7.8CVSS6.4AI score0.00861EPSS
Exploits1References40Affected Software1
OSV
OSV
added 2019/03/09 12:29 a.m.48 views

CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

7.5CVSS9.3AI score
Exploits0References15
AlpineLinux
AlpineLinux
added 2019/03/08 11:0 p.m.48 views

CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

7.5CVSS8.6AI score0.07347EPSS
Exploits0
CNVD
CNVD
added 2019/02/09 12:0 a.m.3 views

Unspecified Vulnerability in WordPress Media File Manager

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Media File Manager plugin is a media library folder/category management plugin used in it. An unspecified vulnerability exis...

5.3CVSS6.8AI score0.10005EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2018/10/30 10:4 a.m.7 views

kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4xattrsetentry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image...

7.8CVSS7AI score0.00861EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2018/09/27 12:0 a.m.51 views

AppArmor Filesystem Blacklisting Bypass

AppArmor: filesystem blacklisting can be bypassed by moving parents Some AppArmor policies attempt to blacklist access to specific directories while broadly granting write access to everything else. For example, the Firefox profile uses the user-files abstraction, which broadly permits write acce...

0.2AI score
Exploits0
CNVD
CNVD
added 2018/09/03 12:0 a.m.5 views

Google gVisor File Renaming Vulnerability

gVisor is Google's open source new sandbox container runtime environment . A file renaming vulnerability exists in Google gVisor. The vulnerability stems from Google gVisor's seccomp sandbox allowing access to the renameat system call. An attacker could exploit this vulnerability to rename files ...

7.1CVSS6.6AI score0.00452EPSS
Exploits0References1
Rows per page
Query Builder