6886 matches found

Prion
added 2020/02/27 5:15 p.m., 18 views

Design/Logic Flaw

An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component...

6.5 CVSS, 7.2 AI score, 0.01936 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2020/02/27 4:23 p.m., 58 views

CVE-2019-5326

CVE-2019-5326 affects Aruba Airwave VisualRF with code execution on the AMP platform due to the ability to overwrite a disk file that is later deserialized by a Java component. The vulnerability arises from improper deserialization of a file write, enabling an administrative user with write acces...

7.2 CVSS, 7.2 AI score, 0.01936 EPSS
Exploits 0, References 1, Affected Software 1
RedHat Linux
added 2020/02/25 1:7 p.m., 5 views

npm: Global node_modules Binary Overwrite

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7 CVSS, 7.1 AI score, 0.01984 EPSS
Exploits 0, References 4
RedHat Linux
added 2020/02/24 12:55 p.m., 3 views

npm: Global node_modules Binary Overwrite

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7 CVSS, 7.1 AI score, 0.01984 EPSS
Exploits 0, References 4
CNVD
added 2020/02/24 12:0 a.m., 2 views

Apple macOS Catalina PackageKit Input Validation Vulnerability

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in the PackageKit component of Apple macOS Catalina versions prior to 10.15.3. The vulnerability can be exploited by an attacker to overwrite arbitrary files with the...

3.6 CVSS, 6.6 AI score, 0.00326 EPSS
Exploits 0, References 1
CNVD
added 2020/02/24 12:0 a.m., 2 views

SmartClient File Overwrite Vulnerability

SmartClient is an enterprise Ajax framework, including a very good UI library, tool library, client-server data binding and other features. The console functionality of SmartClient 12.0 suffers from a file overwrite vulnerability in the remote procedure call RPC saveFile provided at the...

7.5 CVSS, 7.1 AI score, 0.01176 EPSS
Exploits 1, References 1
OSV
added 2020/02/23 2:15 a.m., 3 views

CVE-2020-9354

An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...

7.5 CVSS, 7.2 AI score, 0.01176 EPSS
Exploits 1, References 1
NVD
added 2020/02/23 2:15 a.m., 10 views

CVE-2020-9354

An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...

7.5 CVSS, 7.5 AI score, 0.01176 EPSS
Exploits 1, References 1
Cvelist
added 2020/02/23 1:32 a.m., 21 views

CVE-2020-9354

An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...

7.5 AI score, 0.01176 EPSS
Exploits 1, References 1
OSV
added 2020/02/21 3:15 p.m., 5 views

CVE-2020-5324

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged...

4.4 CVSS, 5.9 AI score, 0.00252 EPSS
Exploits 0, References 1
Prion
added 2020/02/21 3:15 p.m., 20 views

Arbitrary file deletion

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged...

2.6 CVSS, 4.7 AI score, 0.00252 EPSS
Exploits 0, References 1, Affected Software 113
Cvelist
added 2020/02/21 2:50 p.m., 23 views

CVE-2020-5324

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged...

7.1 CVSS, 6.8 AI score, 0.00252 EPSS
Exploits 0, References 1
CVE
added 2020/02/21 2:50 p.m., 87 views

CVE-2020-5324

CVE-2020-5324 describes an Arbitrary File Overwrite vulnerability in the Dell Firmware Update Utility. During the execution window by an administrator, a locally authenticated, low-privileged user could exploit a symlink attack to overwrite arbitrary files, though the vulnerability does not affec...

7.1 CVSS, 4.7 AI score, 0.00252 EPSS
Exploits 0, References 1, Affected Software 1
Veracode
added 2020/02/12 9:24 a.m., 38 views

Unauthorized File Overwrite

github.com/containers/libpod is vulnerable to unauthorised file overwrite. The library fails to check if the volume is empty before copying even if the containers are mounted as read-only, allowing the existing files in the volumes to be overwritten...

5.9 CVSS, 5 AI score, 0.01849 EPSS
Exploits 0, References 8, Affected Software 2
CVE
added 2020/02/11 7:45 p.m., 266 views

CVE-2020-1726

CVE-2020-1726 describes a Podman flaw where containers created with an attached volume could overwrite files in the volume, even when mounted read-only. The issue, introduced in version 1.6.0, occurs when running a malicious container or image whose volume is used for the first time, enabling tar...

5.9 CVSS, 5.5 AI score, 0.01849 EPSS
Exploits 0, References 4, Affected Software 1
ATTACKERKB
added 2020/02/11 12:0 a.m., 30 views

CVE-2020-0668

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. Recent assessments: bwatters-r7 at April 2...

7.8 CVSS, 0.3 AI score, 0.2605 EPSS
Exploits 8, References 5
0day.today
added 2020/02/11 12:0 a.m., 62 views

WordPress InfiniteWP Client Authentication Bypass Exploit

This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them...

8 AI score
Exploits 0
OSV
added 2020/02/07 3:15 p.m., 4 views

CVE-2019-16155

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more...

7.1 CVSS, 5.9 AI score, 0.00443 EPSS
Exploits 1, References 2
NVD
added 2020/01/30 2:15 p.m., 16 views

CVE-2013-1866

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability...

6.3 CVSS, 6.3 AI score, 0.00422 EPSS
Exploits 0, References 2
OpenVAS
added 2020/01/29 12:0 a.m., 35 views

Apple Mac OS X Security Update (HT210919 - 02)

Apple Mac OS X is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

10 CVSS, 7.6 AI score, 0.03243 EPSS
Exploits 0, References 1