Microsoft Visual Studio Privilege Escalation Vulnerability (CNVD-2020-24130)
Microsoft Visual Studio is a suite of development tools from Microsoft that includes most of the tools needed throughout the software lifecycle. A privilege escalation vulnerability exists in Microsoft Visual Studio that stems from a failure of the Updater...
Microsoft Windows Defender Antimalware Platform Elevation of Privilege Vulnerability
Microsoft Windows Defender Antimalware Platform is an anti-malware platform from Microsoft. A security vulnerability exists in Microsoft Windows Defender Antimalware Platform, which stems from the program's inability to handle hard-coded links. An attacker could exploit the...
Microsoft Windows Connected User Experiences and Telemetry Service elevation of privilege vulnerability (CNVD-2020-32585)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Connected User Experiences and Telemetry Service is one of the components that can...
SAP Netweaver Path Traversal Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A path traversal vulnerability exists in SAP NetWeaver Knowledge Management, which results from the program...
buildah: Crafted input tar file may lead to local file overwrite during image build process
A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions...
OneDrive for Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...
Vastgota-Data ProVide Path Traversal Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A security vulnerability exists in ajax/ImportCertificate in Vastgota-Data ProVide 13.1 and earlier versions. An attacker can exploit the vulnerability to load an arbitrary certificate in...
CVE-2020-11705
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...
CVE-2020-11705
The CVE-2020-11705 issue affects ProVide (formerly zFTPServer)
Arbitrary File Overwrite
php is vulnerable to arbitrary file overwrite. An off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name, it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the "apache"...
Arbitrary File Overwrite
gcc is vulnerable to arbitrary file overwrite. Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a local, unsuspecting user extracted a specially crafted JAR file, it could cause fastjar to overwrite arbitrary files writab...
Arbitrary File Overwrite
fence is vulnerable to arbitrary file overwrite. The pserver_shutdown function in fence_egenera allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file...
File Overwrite
firefox is vulnerable to file overwrite. A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents...
Arbitrary File Overwrite
cman is vulnerable to arbitrary file overwrites. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with th...
Arbitrary File Overwrite
openswan is vulnerable to arbitrary file overwrite. Openswan's livetest script created temporary files in an insecure manner. A local attacker could use this flaw to overwrite arbitrary files owned by the user running the script...
Arbitrary File Overwrite
xen is vulnerable to arbitrary file overwrite. It was discovered that the qemu-dm.debug script created a temporary file in /tmp in an insecure way. A local attacker in Dom0 could, potentially, use this flaw to overwrite arbitrary files via a symlink attack...
Arbitrary File Overwrite
setroubleshoot is vulnerable to arbitrary file overwrite. A flaw was found in the way sealert wrote diagnostic messages to a temporary file. A local unprivileged user could perform a symbolic link attack and cause arbitrary files, writable by other users, to be...
Arbitrary File Overwrite
tar is vulnerable to arbitrary file overwrite. A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access...
Arbitrary File Overwrite
coolkey is vulnerable to arbitrary file overwrite. A local attacker could perform a symlink attack and cause arbitrary files to be overwritten...