7184 matches found
CVE-2019-3970
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...
CVE-2019-3970
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...
Code injection
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...
CVE-2019-3970
CVE-2019-3970 affects Comodo Antivirus up to 12.0.0.6810. The vulnerability arises from Cavwp.exe loading the antivirus definition database into unsecured global section objects, enabling a local, low-privileged process to modify the in-memory data and alter virus signatures. Impact described in ...
CVE-2019-3970
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...
CVE-2019-10352
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...
CVE-2019-10352
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...
Path traversal
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...
CVE-2019-10352
CVE-2019-10352 describes a path-traversal flaw in Jenkins core up to version 2.185 and LTS up to 2.176.1, in FileParameterValue.java, allowing attackers with Job/Configure permission to define a file parameter whose name escapes the intended directory. This can lead to arbitrary file writes on th...
EUVD-2022-5019
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...
CVE-2019-10352
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...
File Write Vulnerability in Ziggy's Fortress
Zhejiang Qiji Technology Co., Ltd. is a company mainly engaged in computer hardware and software, network products, technology development and other projects. A file write vulnerability exists in Qiji Fortress, which can be exploited by an attacker to gain control of a web server...
Unspecified vulnerability in deepin-clone (CNVD-2019-23972)
deepin-clone is a disk and partition backup/recovery tool. A security vulnerability exists in deepin-clone versions prior to 1.1.3. An attacker can exploit the vulnerability to create or overwrite files at arbitrary locations on the file system...
Unspecified vulnerability in deepin-clone (CNVD-2019-23981)
deepin-clone is a disk and partition backup/recovery tool. A security vulnerability exists in deepin-clone versions prior to 1.1.3. An attacker can exploit the vulnerability to create or overwrite files anywhere on the file system...
CVE-2019-1894 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...
CVE-2019-1894 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...
File write vulnerability in YzmCmsV5.3 backend
YzmCMS is a lightweight and open source content management system based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. YzmCmsV5.3 backend file writing vulnerability , attackers can exploit the vulnerability can be obtained server privileges...
UBUNTU-CVE-2019-13241
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in a ZIP archive entry that is mishandled during extraction...
Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to improper input validation...
File Write Vulnerability in Deep Throat CMS v4.2
DeepThroat CMS is a set of web tool software, mainly used for small and medium-sized web site construction and management. A file write vulnerability exists in Deep Throat CMS v4.2, which can be exploited by attackers to gain control of a web server...