2678 matches found
CVE-2020-7518
CVE-2020-7518 affects Schneider Electric Easergy Builder (versions 1.4.7.2 and older). The vulnerability is caused by improper input validation (CWE-20) that could allow an attacker to modify project configuration files. The Red Hat, CNVD, and NVD entries align on the same vulnerability descripti...
Security Update for Microsoft SharePoint Foundation 2013 (KB4484448) farm-deployment
A security vulnerability exists in Microsoft SharePoint Foundation 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Code injection
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download...
CVE-2020-14971
Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.g...
Code injection
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...
Monstra CMS Operating System Command Injection Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) by Ukrainian software developer Sergey Romanenko. A security vulnerability exists in Monstra CMS version 3.0.4. The vulnerability can be exploited to execute arbitrary OS commands by modifying the .chunk.php file...
CVE-2019-20837
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures...
Cisco IOx Application Framework Input Validation Error Vulnerability
Cisco IOx is an application environment from Cisco (U.S.) that combines Cisco IOS and Linux OS for secure network connectivity and provides a secure development environment for IoT applications. An input validation error vulnerability exists in Cisco IOx Application Framework versions prior to 1.9.0, which...
CVE-2020-3238
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
Cisco IOx Application Framework Arbitrary File Creation Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
Arbitrary File Modification Vulnerability in WMCMS
WMCMS is a free, open-source professional Chinese labeling system built on PHP and MySQL. WMCMS has an arbitrary file modification vulnerability that an attacker can use to modify any file...
Cisco Webex Teams Logging Feature Command Execution Vulnerability
According to its self-reported version, Cisco Webex Teams client for Windows is affected by a command execution vulnerability due to improper restrictions on software logging features. An unauthenticated, remote attacker could exploit this vulnerability by convincing a targeted user to visit a...
Access Control Error Vulnerability in Multiple ABB Products
ABB OPCServer for AC800M and others are products of ABB Switzerland. ABB OPCServer for AC800M is an OPC (OLE for Process Control) server for AC800M. Control Builder M Professional is a Compact Control Builder. MMSServer for AC800M is an MMS server for AC800M. An Access Control Error vulnerability...
CVE-2020-8961
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific...
Design/Logic Flaw
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their...
cPanel File Modification Vulnerability
cPanel is a web-based host control management system from the U.S. company cPanel. A file modification vulnerability exists in cPanel versions prior to 84.0.20. An attacker can use a demo account to exploit this vulnerability to modify files via Branding API calls...
CVE-2020-10118
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)...
CVE-2020-10118
CVE-2020-10118 affects cPanel before 84.0.20 via the Branding API, where a demo account can modify files. The Red Hat/CNVD entries corroborate the same issue (file modification via Branding API). The vulnerability is tied to cPanel’s Branding API handling, enabling unauthorized file changes with ...
Arbitrary File Modification Vulnerability in the Hubei Tao code thousand dimensional information technology limited company gold micro cell phone mall system
The Jinwei mobile mall system is aimed at micro-business customers with a public number, imitates the page layout of the hand Tao, and supports embedded video playback. It supports customized model specifications, the main specifications support attached pictures, and each subdivided model supports inventory...