
2676 matches found

OSV
added 2019/10/04 8:15 p.m., 20 views

PYSEC-2019-125

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact...

CVSS 7.8 | AI score 5.3 | EPSS 0.00717
Exploits: 1 | References: 5

NVD
added 2019/09/28 4:15 p.m., 25 views

CVE-2019-16941

NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An...

CVSS 9.8 | AI score 9.6 | EPSS 0.05133
Exploits: 2 | References: 6

OSV
added 2019/09/19 2:15 p.m., 1 views

DEBIAN-CVE-2019-3689

The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If...

CVSS 9.8 | AI score 7.5 | EPSS 0.01499
Exploits: 0 | References: 1

OSV
added 2019/09/12 7:9 p.m., 6 views

MGASA-2019-0263 Updated sympa packages fix security vulnerability

Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa...

CVSS 9.8 | AI score 9.5 | EPSS 0.02576
Exploits: 0 | References: 4

NVD
added 2019/09/05 2:15 a.m., 21 views

CVE-2019-1939

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...

CVSS 9.3 | AI score 8.6 | EPSS 0.04729
Exploits: 0 | References: 1

Prion
added 2019/09/05 2:15 a.m., 17 views

Design/Logic Flaw

A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...

CVSS 9.3 | AI score 9 | EPSS 0.04729
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/09/05 12:0 a.m., 3 views

Cisco Webex Teams Injection Vulnerability

Cisco Webex Teams is a team collaboration application from Cisco USA. The program includes video conferencing, group messaging and file sharing features. An injection vulnerability exists in Cisco Webex Teams. A remote attacker could exploit this vulnerability to modify files and execute arbitrar...

CVSS 9.3 | AI score 7.9 | EPSS 0.04729
Exploits: 0 | References: 1

OSV
added 2019/08/08 8:15 a.m., 2 views

CVE-2019-1973

A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to improper input validation of log file...

CVSS 4.8 | AI score 6
Exploits: 0 | References: 1

Prion
added 2019/08/02 10:15 p.m., 13 views

Unrestricted file upload

A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal o...

CVSS 9 | AI score 7.2 | EPSS 0.02421
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/08/02 1:15 p.m., 27 views

Code injection

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

CVSS 4.6 | AI score 7.9 | EPSS 0.00469
Exploits: 0 | References: 3 | Affected Software: 9

NVD
added 2019/08/01 2:15 p.m., 19 views

CVE-2018-20892

cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling SEC-439...

CVSS 4.3 | AI score 4.8 | EPSS 0.00633
Exploits: 0 | References: 2

OSV
added 2019/08/01 2:15 p.m., 2 views

CVE-2018-20888

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...

CVSS 5.5 | AI score 5.8 | EPSS 0.00357
Exploits: 0 | References: 2

NVD
added 2019/08/01 2:15 p.m., 25 views

CVE-2018-20888

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...

CVSS 5.5 | AI score 5.7 | EPSS 0.00357
Exploits: 0 | References: 2

Prion
added 2019/08/01 2:15 p.m., 14 views

Authentication flaw

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...

CVSS 4.9 | AI score 5.7 | EPSS 0.00357
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/08/01 1:4 p.m., 43 views

CVE-2018-20888

CVE-2018-20888 affects cPanel prior to 74.0.0, where an incorrect HTTP authentication context allows file modification by the root account. This is a local vulnerability with impact on integrity (as per the mounted CVSS data) and does not appear to have publicly documented exploitation details or...

CVSS 5.5 | AI score 5.7 | EPSS 0.00357
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/08/01 1:4 p.m., 28 views

CVE-2018-20888

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...

AI score 5.7 | EPSS 0.00357
Exploits: 0 | References: 1

CNVD
added 2019/07/31 12:0 a.m., 2 views

cPanel Access Control Error Vulnerability

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An access control error vulnerability exists in cPanel versions prior to 80.0.5, which can be exploited by an attacker to modify...

CVSS 5.3 | AI score 6.9 | EPSS 0.00767
Exploits: 0 | References: 1

NVD
added 2019/07/30 3:15 p.m., 25 views

CVE-2019-14397

cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call SEC-496...

CVSS 5.3 | AI score 5.4 | EPSS 0.00767
Exploits: 0 | References: 1

Cvelist
added 2019/07/30 2:5 p.m., 20 views

CVE-2019-14397

cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call SEC-496...

AI score 5.4 | EPSS 0.00767
Exploits: 0 | References: 1

BDU FSTEC
added 2019/07/11 12:0 a.m., 4 views

The vulnerability of the virDomainManagedSaveDefineXML function in the libvirtd library allows a hacker to modify any files they desire.

The vulnerability of the virDomainManagedSaveDefineXML function in the libvirtd library is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to modify arbitrary files by sending a specially crafted request...

CVSS 4.6 | AI score 7.9 | EPSS 0.00469
Exploits: 0 | References: 11 | Affected Software: 2