F5 BIG-IP Permission License and Access Control Issues Vulnerability (CNVD-2019-32034)
F5 BIG-IP is an application delivery platform from F5 (USA) that integrates network traffic management, application security management, load balancing and other functions. A permission and access control vulnerability exists in F5 BIG-IP. An attacker can exploit this...
HP Support Assistant elevation of privilege vulnerability (CNVD-2019-23307)
HP Support Assistant is a utility program included in all HP computers to diagnose technical problems and manage updates. An elevation of privilege vulnerability exists in HP Support Assistant 8.7.50 and earlier versions. An attacker could use this vulnerability to gain system privileges and make...
CVE-2019-6328
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329...
CVE-2019-6328
CVE-2019-6328 affects HP Support Assistant 8.7.50 and earlier. Connected exploit details describe a local privilege escalation via the HP Support Framework service: the HPSAObjUtil8 component changes permissions of XML files under C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA...
HPSBGN03620 rev. 4 - HP Support Assistant Escalation of Privilege Vulnerability
Potential Security Impact: Elevation of privilege and unauthorized modification of directories or files. Source: HP, HP Product Security Response Team (PSRT). Reported by: Philippe Laulheret (McAfee Advanced Threat Research), ManhNDd (Bkav Corporation). Vulnerability Summary: The vulnerability allows a use...
CVE-2019-12289
An issue was discovered in upgradefirmware.cgi on VStarcam 100T C7824WIP CH-sys-48.53.75.119123 and 200V C38S CH-sys-48.53.203.119123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware o...
Command injection
An issue was discovered in upgradefirmware.cgi on VStarcam 100T C7824WIP CH-sys-48.53.75.119123 and 200V C38S CH-sys-48.53.203.119123 devices. A remote command can be executed through a system firmware update without authentication. The attacker can modify the files within the internal firmware o...
Denial Of Service
WildFly is vulnerable to denial of service attacks. A locally authenticated attacker could modify the PID file in /var/run/jboss-eap/, allowing the init.d script to terminate any process as root...
kernel: userfaultfd bypasses tmpfs file permissions
A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbfs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege...
CVE-2019-5585
An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes...
Improper access control
An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes...
CVE-2019-3827
CVE-2019-3827 affects gvfs prior to 1.39.4. A flawed permission check in the admin backend allows reading and modifying arbitrary files by privileged users when no authentication agent is running, enabling local privilege escalation under certain system configurations. Multiple connected advisori...
elFinder PHP Connector < 2.1.48 - exiftran Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is...
Tar: Denial of service
Background: The Tar program provides the ability to create and manipulate tar archives. Description: The sparse_dump_region function in the sparse.c file in Tar allows an infinite loop using the --sparse option. Impact: A local attacker could cause a Denial of Service condition by modifying a file that is...
Arbitrary File Modification
github.com/go-gitea/gitea is vulnerable to arbitrary file deletion. The vulnerability exists due to a missing check on file path values, allowing DeleteFilePost to cause arbitrary deletion, and EditFilePost/UploadFilePost to cause arbitrary file modification...
A vulnerability in the Vim text editor on the Astra Linux operating system allows an attacker to bypass the restrictions imposed by the security policy.
The vulnerability in the Vim text editor on the Astra Linux operating system is caused by improper preservation of security attributes when files are modified. Exploiting this vulnerability allows an attacker to bypass the security restrictions imposed by the specified security policy...
A vulnerability in the Cisco SD-WAN software-defined network, caused by insufficient validation of input data, allows an attacker to modify arbitrary files and escalate privileges.
The vulnerability in the Cisco SD-WAN software-defined network exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to modify arbitrary files and elevate privileges to root by changing the “save” command in the command interface...