6886 matches found
CVE-2018-1799
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429...
IBM DB2 Privilege Escalation Vulnerability (CNVD-2018-22924)
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A privilege escalation vulnerability exists in all revision packages of several versions of IBM DB2 including DB2...
Cisco Prime Collaboration Assurance Arbitrary File Overwrite Vulnerability
Cisco Prime Collaboration Assurance (PCA) is an enterprise collaboration network management solution from Cisco in the United States. The product provides a unified management console to simplify the management of unified communications and video collaboration networks, as well as rapid...
CVE-2018-1799
Summary: IBM DB2 for Linux/UNIX/Windows (DB2 Connect Server) versions 9.7, 10.1, 10.5, and 11.1 are affected by CVE-2018-1799 due to a symbolic-link/privilege escalation path. A local unprivileged user could overwrite files, potentially damaging the database; some entries describe escalation to ...
CVE-2018-15450
A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input fiel...
CVE-2018-19044
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or...
CVE-2018-15450 Cisco Prime Collaboration Assurance File Overwrite Vulnerability
A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input fiel...
CVE-2018-19044
CVE-2018-19044 applies to keepalived 2.0.8, where improper pathname validation allows local users to overwrite arbitrary files via symlinks when writing to a temporary file (examples: /tmp/keepalived.data or /tmp/keepalived.stats symlinked to /etc/passwd) if fs.protected_symlinks is 0. Connected ...
CVE-2018-15450
Cisco Prime Collaboration Assurance (PCA) web-based UI is affected by a vulnerability that allows an authenticated, remote attacker to overwrite files on the filesystem due to insufficient input validation. The issue arises when a crafted value is supplied in a UI input field to specify a path lo...
CVE-2018-15705
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code...
The vulnerability of the X.Org Server software arises from errors in processing and checking command-line parameters, allowing an attacker to gain root privileges and overwrite any file in the operating system.
Vulnerability of the X.Org Server software, caused by errors in processing and checking command-line parameters. Exploiting this vulnerability can allow a remote attacker to gain root privileges and rewrite any file in the operating system using the modulepath and logfile parameters when running...
X.Org Flaw Allows Privilege Escalation in Linux Systems
A local privilege-escalation and file-overwrite vulnerability in X.Org X server opens the door to trivial compromise in Linux systems that use the open-source software. The X server is a core graphics and windowing technology that can be found in most Linux and BSD distributions that use a...
Debian DSA-4328-1 : xorg-server - security update
Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitrary file overwrite, which can result in privilege escalation. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
SUSE-SU-2018:3456-1 Security update for xorg-x11-server
This update for xorg-x11-server provides the following fix: Security issue fixed: - CVE-2018-14665: Local attackers could overwrite system files in any directory using the -logfile option and gain privileges (bsc#1111697). Non-security issues fixed: - Do not write past the allocated buffer. (bsc#107838...
SUSE-SU-2018:1972-2 Security update for perl
This update for perl fixes the following issues: These security issues were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-1201...
GHSA-RHQ2-2574-78MC Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Perl Archive Tar Arbitrary File Overwrite (CVE-2018-12015)
An arbitrary file overwrite vulnerability exists in the Perl Tar Archive module. The vulnerability is due to improper handling of a tar archive. Successful exploitation could result in arbitrary file overwrite in the target user's system...
CVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file...