7184 matches found

OSV
added 2020/02/13 4:15 p.m., 0 views

CVE-2020-3763

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write...

9.8 CVSS, 7.4 AI score
Exploits: 0, References: 1

OSV
added 2020/02/13 4:15 p.m., 0 views

CVE-2020-3762

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write...

9.8 CVSS, 5.9 AI score, 0.03373 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2020/02/13 12:0 a.m., 77 views

Symantec Endpoint Protection Client 14.x < 14.2.5569.2100 Multiple Vulnerabilities (SYMSA1505)

The version of Symantec Endpoint Protection SEP Client installed on the remote host is 14.x prior to 14.2.5569.2100. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists. An unauthenticated, remote attacker can exploit this to compromise the softwa...

7.8 CVSS, 7 AI score, 0.00427 EPSS
Exploits: 0, References: 8

CNVD
added 2020/02/12 12:0 a.m., 3 views

Adobe Acrobat and Reader Elevation of Privilege Vulnerability (CNVD-2020-10135)

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an elevation of privilege vulnerability. An attacker can exploit the vulnerability to write to an arbitrary file system...

10 CVSS, 7.2 AI score, 0.03646 EPSS
Exploits: 0, References: 1

OSV
added 2020/02/11 6:15 p.m., 0 views

CVE-2020-5825

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

5.5 CVSS, 6.6 AI score
Exploits: 0, References: 1

NVD
added 2020/02/11 6:15 p.m., 18 views

CVE-2020-5825

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

5.5 CVSS, 6.1 AI score, 0.00363 EPSS
Exploits: 0, References: 1

Prion
added 2020/02/11 6:15 p.m., 17 views

Arbitrary file deletion

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

3.6 CVSS, 5.5 AI score, 0.00363 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/02/11 5:7 p.m., 18 views

CVE-2020-5825

Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

6.1 AI score, 0.00363 EPSS
Exploits: 0, References: 1

CVE
added 2020/02/11 5:7 p.m., 55 views

CVE-2020-5825

CVE-2020-5825 affects Symantec Endpoint Protection (SEP) and SEP SBE prior to 14.2 RU2 MP1 (14.2.5569.2100). It is an arbitrary file write vulnerability allowing overwriting of existing files without proper privileges (local access). Remediation is to upgrade to SEP/SEP SBE 14.2 RU2 MP1 (14.2.556...

5.5 CVSS, 5.6 AI score, 0.00363 EPSS
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2020/02/07 12:0 a.m., 135 views

macOS 10.15.x < 10.15.3 / 10.14.x < 10.14.6 / 10.13.x < 10.13.6

The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.3, 10.13.x prior to 10.13.6, 10.14.x prior to 10.14.6. It is, therefore, affected by multiple vulnerabilities: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain...

10 CVSS, 8.4 AI score, 0.9947 EPSS
Exploits: 69, References: 33

RedHat Linux
added 2020/02/04 1:22 p.m., 0 views

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7 CVSS, 7.5 AI score, 0.03266 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/02/04 1:22 p.m., 2 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS, 7.5 AI score, 0.03342 EPSS
Exploits: 0, References: 4

Metasploit
added 2020/01/19 3:5 a.m., 369 views

Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write

This module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given...

8.1 CVSS, 8.4 AI score, 0.68603 EPSS
Exploits: 5

Prion
added 2020/01/14 6:15 p.m., 17 views

Code injection

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt...

4.9 CVSS, 7.2 AI score, 0.01075 EPSS
Exploits: 0, References: 5, Affected Software: 6

CNVD
added 2020/01/13 12:0 a.m., 1 views

Command Execution Vulnerability in AppCMS

APPCMS is a professional APP content management system that provides a variety of extension modules, such as information, recommended positions, topics, friendly links, body internal links and so on, to help webmasters better personalize their own websites. AppCMS has a command execution...

7.4 AI score
Exploits: 0

RedhatCVE
added 2020/01/06 11:9 p.m., 38 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS, 2.2 AI score, 0.03342 EPSS
Exploits: 0, References: 3

CNVD
added 2020/01/01 12:0 a.m., 6 views

Yandex ClickHouse Arbitrary File Write Vulnerability

Yandex ClickHouse is a set of open source columnar databases for online analytical processing of the Russian company Yandex. A security vulnerability exists in Yandex ClickHouse versions prior to 19.14.3. An attacker can exploit this vulnerability to cause clickhouse-server to perform a write...

6.5 CVSS, 6.9 AI score, 0.00949 EPSS
Exploits: 0, References: 1

Prion
added 2019/12/30 3:15 p.m., 16 views

Design/Logic Flaw

In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When...

4 CVSS, 6.5 AI score, 0.00949 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2019/12/30 2:39 p.m., 59 views

CVE-2019-15024

CVE-2019-15024 affects ClickHouse before 19.14.3. An attacker with write access to ZooKeeper who can run a network-accessible custom server can register a malicious replica in ZooKeeper. When another replica fetches a data part from this server, clickhouse-server can be forced to write to an arbi...

6.5 CVSS, 6.4 AI score, 0.00949 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2019/12/27 4:15 p.m., 1 views

CVE-2019-16896

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll aka the backup module improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality...

7.8 CVSS, 7.2 AI score, 0.00402 EPSS
Exploits: 1, References: 2