CVE-2018-18812

The CVE-2018-18812 vulnerability affects TIBCO Spotfire Analytics Platform for AWS Marketplace (and TIBCO Spotfire Server) when using external storage for the Spotfire Library. The issue may theoretically allow users with read-only access to modify files stored in the Spotfire Library, under affe...

CleanMyMac X removeDiagnosticLogs privilege escalation vulnerability

Summary The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. Tested Versions Clean My Mac X 4.04 Product URLs https://macpaw.com/cleanmymac...

imcat Arbitrary PHP Code Execution Vulnerability

imcat is a PHP-based open source website building system . A security vulnerability exists in imcat version 4.4. Remote attackers can use root/run/adm.php file to modify the boot/bootskip.php file to exploit the vulnerability to execute arbitrary PHP code...

The vulnerability of the Cisco Digital Network Architecture (DNA) Center’s network management system is related to the insecure default configuration settings. This allows attackers to bypass authentication procedures, gain access to system files, and modify them.

The vulnerability of the Cisco Digital Network Architecture DNA Center network management system arises from insecure default configuration settings. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures, gain access to system files, and modify them...

Design/Logic Flaw

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file...

CVE-2017-1418

CVE-2017-1418 affects IBM Integration Bus and WebSphere Message Broker, with insecure file permissions on certain files that allow a local attacker to modify or delete them. Affected products/versions per the sources: IBM Integration Bus V10.0.0.0–10.0.0.11 and V9.0.0.0–9.0.0.10; WebSphere Messag...

Code injection

IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9 has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406...

Apple macOS file modification vulnerability

macOS is Apple's proprietary operating system for the Mac line of products. A file modification vulnerability exists in the EFI component in Apple macOS High Sierra 10.13.6, macOS Mojave 10.14. A local user can exploit the vulnerability to modify protected portions of the file system...

Photo Nettoyeur 1.4.5 Insecure File Permission Vulnerability

Exploit for windows platform in category local exploits i?-------------------------------------------------------- Exploit Title: Photo Nettoyeur 1.4.5 - Insecure File Permission Exploit Author : ZwX Vendor Homepage : http://www.marseillesoft.com/ Link Software :...

CVE-2018-14808

Emerson AMS Device Manager (AMS DM) versions 12.0–13.5 are affected by CVE-2018-14808 (CWE-269). The root cause is improper privilege management, allowing non-administrative users to overwrite or modify executable and library files, potentially impacting integrity and availability as per NVD/ICS ...

CVE-2018-14808

Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products...

HPE enhanced Internet Usage Manager Arbitrary File Modification Vulnerability

HPE enhanced Internet Usage Manager eIUM is a real-time billing platform from Hewlett Packard Enterprise HPE, USA. The platform provides features such as charge control and session management. An arbitrary file modification vulnerability exists in HPE eIUM version 9.0FP1 including other user...

CVE-2018-7109

HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager eIUM v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM...

CVE-2018-7109

HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager eIUM v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM...

CVE-2018-7102

A security vulnerability in HPE Intelligent Management Center iMC PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification...

Directory traversal

A security vulnerability in HPE Intelligent Management Center iMC PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification...

CVE-2018-7102

A security vulnerability in HPE Intelligent Management Center iMC PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification...

CVE-2018-7109

HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager eIUM v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM...

CVE-2018-7102

A security vulnerability in HPE Intelligent Management Center iMC PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification...

CVE-2018-7109

HPE eIUM (enhanced Internet Usage Manager), a real-time billing platform, is affected by CVE-2018-7109. The vulnerability is described as a remote arbitrary file modification vulnerability in eIUM v9.0FP1 (and related 9.0 FP01-based builds). The root cause details are not fully disclosed in the p...