2676 matches found

BDU FSTEC
added 2017/09/13 12:0 a.m., 4 views

The vulnerability of the component supported by Git-style software, the GNU Patch Unix utility for operating systems like Ubuntu and Fedora, allows a hacker to modify any files they desire.

The vulnerability of the Git-style programmatic Unix utility GNU Patch for operating systems like Ubuntu and Fedora is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows a malicious actor to remotely modify arbitrary files with the target user’s...

CVSS 7.8, AI score 7.3, EPSS 0.11199
Exploits: 0, References: 11, Affected Software: 3

OSV
added 2017/09/05 6:29 p.m., 23 views

CVE-2017-14159

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, ...

CVSS 4.7, AI score 6.6
Exploits: 0, References: 2

OSV
added 2017/09/01 5:29 a.m., 3 views

CVE-2017-14102

MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as...

CVSS 7.8, AI score 6.6
Exploits: 0, References: 2

Prion
added 2017/08/27 3:29 p.m., 8 views

Privilege escalation

Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd...

CVSS 10, AI score 9.9, EPSS 0.03025
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2017/08/23 9:29 p.m., 12 views

Command injection

UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: t...

CVSS 2.1, AI score 5.7, EPSS 0.00284
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2017/08/23 12:0 a.m., 2 views

LvyeCms CustompageController.class.php file has a logical design flaw

LvyeCms (旅烨cms) is a PHP content management system based on ThinkPHP. A logical design vulnerability exists in the LvyeCms CustompageController.class.php file. An attacker can exploit the vulnerability to write, modify, or delete any file in the system...

AI score 6.8
Exploits: 0

Cisco
added 2017/08/16 4:0 p.m., 30 views

Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability

A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP...

CVSS 4.1, AI score 5.1, EPSS 0.0117
Exploits: 0, References: 1

NVD
added 2017/07/30 4:29 p.m., 15 views

CVE-2017-11746

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command...

CVSS 7.8, AI score 7.4, EPSS 0.0109
Exploits: 0, References: 2

Cvelist
added 2017/07/30 4:0 p.m., 13 views

CVE-2017-11746

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command...

AI score 7.4, EPSS 0.0109
Exploits: 0, References: 2

seebug.org
added 2017/07/13 12:0 a.m., 22 views

FineCMS multi vulnerability

Reflected XSS in getimage.php. Technical Description: in the file /application/lib/ajax/getimage.php, $_POST['id'], $_POST['name'] and $_GET['folder'] are used without being validated, sanitised or output encoded. Proof of Concept (PoC): http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...

AI score 7.4
Exploits: 0

Veracode
added 2017/06/27 6:38 a.m., 18 views

Improper File Validation

Drupal is vulnerable to improper file validations. The library does not validate uploaded REST files, allowing an authenticated malicious user to modify the file resource...

CVSS 5.9, AI score 7.5, EPSS 0.01834
Exploits: 0, References: 4, Affected Software: 2

NVD
added 2017/06/13 6:29 a.m., 17 views

CVE-2017-6690

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected...

CVSS 4.9, AI score 5.2, EPSS 0.0128
Exploits: 0, References: 3

Cisco
added 2017/06/07 4:0 p.m., 43 views

Cisco StarOS Arbitrary File Modification Vulnerability

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. The vulnerability is due to insufficient input...

CVSS 4.1, AI score 5.2, EPSS 0.0128
Exploits: 0, References: 1

CNVD
added 2017/05/19 12:0 a.m., 2 views

Unauthorized Modification of Arbitrary Files Vulnerability in 'DataBaseBackup_Edit.aspx' of MicroXia E-learning Platform

Micro Xia Online Learning Platform is an online education system based on B/S architecture. An unauthorized modification of arbitrary files vulnerability exists in 'DataBaseBackupEdit.aspx' of the Weixia Online Learning Platform. An attacker using this vulnerability to modify the db.config file i...

AI score 7
Exploits: 0

Patchstack
added 2017/05/12 12:0 a.m., 10 views

WordPress WP Editor plugin <= 1.2.5.3 - Authenticated File Modification Vulnerability

Authenticated File Modification Vulnerability was found in WordPress WP Editor plugin in 1.2.5.3 version. Any logged in user can edit files because there's no check for that. Solution Update the plugin...

AI score 3.2
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2017/04/26 12:0 a.m., 3 views

Unspecified Vulnerability in SaltStack

SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management, remote execution and other functions, able to manage tens of thousands of servers, with the ability to quickly complete the data transfer. A...

CVSS 5.3, AI score 6.9, EPSS 0.00432
Exploits: 0, References: 1

Prion
added 2017/04/24 3:59 p.m., 12 views

Authentication flaw

A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and...

CVSS 7.5, AI score 7.2, EPSS 0.01065
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/04/24 3:0 p.m., 20 views

CVE-2017-2331

A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and...

AI score 7.2, EPSS 0.01065
Exploits: 0, References: 2

OpenVAS
added 2017/04/22 12:0 a.m., 38 views

CentOS Update for java CESA-2017:1109 centos6

Check the version of java SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882705";...

CVSS 7.7, AI score 6.6, EPSS 0.03311
Exploits: 2, References: 2

NVD
added 2017/04/10 3:59 a.m., 27 views

CVE-2015-8258

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."...

CVSS 7.8, AI score 7.6, EPSS 0.08759
Exploits: 6, References: 1