Lucene search
2678 matches found

RedhatCVE
added 2025/05/22 10:09 a.m. | 13 views

CVE-2019-19699

There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration. This allows the apache user to modify an executable file executed by root at 22:30 every day. T...

CVSS 9 | AI score 7.9 | EPSS 0.27485
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 9:12 a.m. | 9 views

CVE-2018-20888

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...

CVSS 5.5 | AI score 7.2 | EPSS 0.00357
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:26 a.m. | 7 views

CVE-2019-19695

A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 v9.0.1379 and below could potentially allow an attacker to create a symbolic link to a target file and modify it...

CVSS 7.5 | AI score 7.2 | EPSS 0.03158
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:06 a.m. | 10 views

CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

CVSS 7.8 | AI score 6.8 | EPSS 0.00322
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:02 a.m. | 7 views

CVE-2018-15906

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...

CVSS 9 | AI score 7.6 | EPSS 0.08245
Exploits: 3 | References: 1

RedhatCVE
added 2025/05/22 6:58 a.m. | 6 views

CVE-2018-20605

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file...

CVSS 9.8 | AI score 8 | EPSS 0.02367
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:37 a.m. | 6 views

CVE-2011-4044

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods...

CVSS 5.8 | AI score 6.9 | EPSS 0.26732
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 5:33 a.m. | 5 views

CVE-2012-4121

Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574...

CVSS 6.8 | AI score 6.9 | EPSS 0.003
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:42 a.m. | 11 views

CVE-2010-4068

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714...

CVSS 7.1 | AI score 6.5 | EPSS 0.24558
Exploits: 7 | References: 1

RedhatCVE
added 2025/05/22 3:45 a.m. | 6 views

CVE-2012-5969

Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATHINFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the reqpage parameter to en/sms.cgi...

CVSS 4.8 | AI score 7.2 | EPSS 0.00671
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 7:30 p.m. | 7 views

CVE-2005-0576

Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files...

CVSS 3.6 | AI score 6.8 | EPSS 0.00328
Exploits: 0 | References: 1

Snyk
added 2025/05/20 6:50 p.m. | 1 view

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition during the image unpack process. An attacker can modify the host file system by exploiting the time gap between checking and using a file or resource. Workarounds: 1. Verify image integrity...

CVSS 9.6 | AI score 6.9 | EPSS 0.00412
Exploits: 0 | References: 2

NVD
added 2025/05/20 4:15 p.m. | 23 views

CVE-2025-48017

Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files...

CVSS 9 | EPSS 0.00377
Exploits: 0 | References: 1

CVE
added 2025/05/20 3:14 p.m. | 40 views

CVE-2025-48017

CVE-2025-48017 concerns an improper pathname restriction in Schweitzer Engineering Laboratories’ SEL Series software, specifically within the Circuit Provisioning and File Import applications. The root cause is a lax restriction on pathnames that can permit modification and uploading of files, p...

CVSS 9 | AI score 9.2 | EPSS 0.00377
Exploits: 0 | References: 1

CNNVD
added 2025/05/20 12:00 a.m. | 4 views

Rapid7 AppSpider Pro Security Vulnerability

Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A security vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.018, which stems from a ScanName field stored cross-site...

CVSS 4.6 | AI score 6.4 | EPSS 0.00159
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/11 9:08 p.m. | 30 views

CVE-2025-4447

A flaw was found in Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8. A stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts...

CVSS 7 | AI score 7.2 | EPSS 0.00164
Exploits: 0 | References: 7

Vulnrichment
added 2025/05/08 12:16 p.m. | 14 views

CVE-2024-6648 Path Traversal in AP Page Builder

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'productitempath' within the 'config' JSON file, allowing them to read any file on the system...

CVSS 8.7 | AI score 6.6 | EPSS 0.00555
Exploits: 1 | References: 1

NVD
added 2025/04/23 6:15 a.m. | 12 views

CVE-2025-1056

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version...

CVSS 6.5 | EPSS 0.00196
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/23 5:18 a.m. | 4 views

CVE-2025-1056

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version...

CVSS 6.1 | AI score 7 | EPSS 0.00196
Exploits: 0 | References: 1

Cvelist
added 2025/04/23 5:18 a.m. | 15 views

CVE-2025-1056

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version...

CVSS 6.1 | EPSS 0.00196
Exploits: 0 | References: 1