
2677 matches found

Prion
added 2022/12/05 10:15 p.m. | 11 views

Design/Logic Flaw

ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files...

4.7 CVSS | 6.3 AI score | 0.00555 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/12/05 12:0 a.m. | 19 views

CVE-2022-23143

ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files...

6.5 AI score | 0.00555 EPSS
Exploits 0 | References 1
Vulnrichment
added 2022/12/05 12:0 a.m. | 6 views

CVE-2022-23143

ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files...

6.7 AI score | 0.00555 EPSS
Exploits 0 | References 1
CNNVD
added 2022/12/05 12:0 a.m. | 4 views

ZTE OTCP Security Vulnerability

ZTE OTCP is a set of next-generation network management platform products from ZTE Corporation (ZTE) in China. ZTE OTCP has a privilege and access control vulnerability, which originates from improper privilege settings and can be exploited by attackers to maliciously delete and modify files...

6.5 CVSS | 6.9 AI score | 0.00555 EPSS
Exploits 0 | References 2
HackRead
added 2022/12/03 9:54 p.m. | 15 views

CryWiper Masquerading as Ransomware to Target Russian Courts

By Deeba Ahmed. CryWiper showcases ransomware-like features, such as file modification, adding a .CRY extension to the files, leaving a ransom note, etc. This is a post from HackRead.com. Read the original post: CryWiper Masquerading as Ransomware to Target Russian Courts...

2.9 AI score
Exploits 0
CNVD
added 2022/11/30 12:0 a.m. | 17 views

WordPress Simple:Press plugin arbitrary file modification vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An arbitrary file...

4.9 CVSS | 4.7 AI score | 0.00669 EPSS
Exploits 0 | References 1
CNNVD
added 2022/10/28 12:0 a.m. | 3 views

QTIWorks Path Traversal Vulnerability

QTIWorks is a standards-based evaluation delivery software suite from Dave McKain's personal developer. A security vulnerability exists in versions of QTIWorks prior to QTIWorks 1.0-beta15 that stems from allowing users to upload QTI content packages as ZIP files, where the ZIP processing code do...

8.6 CVSS | 6.7 AI score | 0.00951 EPSS
Exploits 1 | References 4
Vulnrichment
added 2022/10/18 2:46 a.m. | 8 views

CVE-2022-22248 Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...

7.3 CVSS | 7.3 AI score | 0.00182 EPSS
Exploits 0 | References 1
OSV
added 2022/10/03 2:15 p.m. | 2 views

CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...

5.3 CVSS | 5.9 AI score
Exploits 0 | References 1
OSV
added 2022/09/30 8:15 p.m. | 1 views

CVE-2022-34429

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

7.1 CVSS | 5.8 AI score | 0.00203 EPSS
Exploits 0 | References 1
Prion
added 2022/09/27 11:15 p.m. | 18 views

Stack overflow

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another...

3.5 CVSS | 7 AI score | 0.00262 EPSS
Exploits 0 | References 2 | Affected Software 3
OSV
added 2022/09/08 11:15 a.m. | 2 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

9.1 CVSS | 5.7 AI score | 0.87908 EPSS
Exploits 0 | References 2
NVD
added 2022/09/08 11:15 a.m. | 17 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

10 CVSS | 0.87908 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2022/09/06 6:15 p.m. | 2 views

CVE-2022-30298

An improper privilege management vulnerability (CWE-269) in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...

7.8 CVSS | 7.3 AI score | 0.00202 EPSS
Exploits 0 | References 2
Fortinet
added 2022/09/06 12:0 a.m. | 31 views

FortiADC -- Read-Only user able to modify system files

An improper privilege management vulnerability (CWE-269) in FortiADC may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access...

4.7 AI score | 0.00443 EPSS
Exploits 0 | Affected Software 2
CNNVD
added 2022/09/06 12:0 a.m. | 3 views

Fortinet FortiADC Security Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. Fortinet FortiADC is vulnerable to an authorization issue, which stems from improper privilege management. An attacker could exploit the vulnerability to modify system files using a shell...

6.5 CVSS | 6.9 AI score | 0.00443 EPSS
Exploits 0 | References 2
Cvelist
added 2022/08/23 12:0 a.m. | 21 views

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

8 AI score | 0.00366 EPSS
Exploits 0 | References 5
CNNVD
added 2022/08/18 12:0 a.m. | 2 views

McAfee Security Scan Plus Security Vulnerability

McAfee Security Scan Plus (MSS+) is a tool from McAfee, Inc. that protects computers from spyware and viruses. A security vulnerability exists in versions of McAfee Security Scan Plus (MSS+) prior to 4.1.262.1, which stems from faulty privilege management that could allow a local user to modify...

7.8 CVSS | 7.8 AI score | 0.00201 EPSS
Exploits 0 | References 4
OSV
added 2022/08/13 11:40 p.m. | 29 views

CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

5 CVSS | 5.2 AI score | 0.00559 EPSS
Exploits 0 | References 4
GithubExploit
added 2022/06/29 8:48 a.m. | 19 views

Exploit for CVE-2022-30190

CVE-2022-30190EXPPowerPoint This is exploit of CVE-2022-301...

9.3 CVSS | 7.5 AI score | 0.99374 EPSS
Exploits 62