295 matches found

NVD
added 2020/09/02 1:15 p.m. · 8 views

CVE-2020-16602

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236...

8.1 CVSS · 8.3 AI score · 0.07085 EPSS
Exploits 4 · References 4
OSV
added 2020/09/02 1:15 p.m. · 4 views

CVE-2020-16602

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236...

8.1 CVSS · 7.5 AI score · 0.07085 EPSS
Exploits 4 · References 4
The Hacker News
added 2020/08/22 7:49 a.m. · 2 views

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks with a comparatively high success rate. The latest security issue—of which Google...

5.7 AI score
Exploits 0
Positive Technologies
added 2020/08/04 12:00 a.m. · 2 views

PT-2020-18887 · Zonealarm · Zonealarm Anti-Ransomware

Name of the Vulnerable Software and Affected Versions: ZoneAlarm Anti-Ransomware versions prior to 1.0.713 Description: The issue allows a sophisticated timed attacker to replace files with malicious content, enabling an unprivileged user to escalate privileges via local access. This can be...

7.4 CVSS · 7.5 AI score · 0.00191 EPSS
Exploits 0 · References 4
CNVD
added 2020/06/24 12:00 a.m. · 10 views

cae input validation error vulnerability (CNVD-2021-25664)

cae is a compression/decompression software package. An input validation error vulnerability exists in the ExtractTo feature in all versions of cae, which stems from the program failing to properly escape the path to a file in a zip archive, and can be exploited by an attacker to add or replace...

7.5 CVSS · 6.5 AI score · 0.00278 EPSS
Exploits 1 · References 1
OSV
added 2020/06/23 7:38 p.m. · 1 view

UBUNTU-CVE-2020-7668

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5 CVSS · 5.8 AI score · 0.00278 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2020/06/19 12:00 a.m. · 2 views

The vulnerability of the Buildah command-line tool arises from an incorrect path limitation for the restricted access directory. This allows a malicious actor to create a malicious container image and replace arbitrary files on the user’s system.

The vulnerability of the Buildah command-line tool exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to create a malicious container image and replace arbitrary files on the user’s system...

10 CVSS · 6.9 AI score · 0.00258 EPSS
Exploits 1 · References 5 · Affected Software 4
OSV
added 2020/05/26 9:15 p.m. · 2 views

CVE-2020-9046

A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files...

7.8 CVSS · 7.1 AI score
Exploits 0 · References 2
CNVD
added 2020/05/15 12:00 a.m. · 2 views

Opto 22 SoftPAC Project Code Issue Vulnerability

Opto 22 SoftPAC Project is an automation software suite from Opto 22 USA. The product is capable of providing industrial automation, process control, building automation, remote monitoring, data acquisition and industrial IoT. A code issue vulnerability exists in Opto 22 SoftPAC Project 9.6 and...

8.8 CVSS · 7.7 AI score · 0.00473 EPSS
Exploits 0 · References 1
Veracode
added 2020/04/10 12:36 a.m. · 33 views

Unauthorized Replacement

SeaMonkey is vulnerable to unauthorized replacement due to a flaw found in the way SeaMonkey creates temporary file names for downloaded files. If a local attacker knows the name of a file SeaMonkey is going to download, they can replace the contents of that file with arbitrary contents...

4.4 CVSS · 3.2 AI score · 0.0014 EPSS
Exploits 2 · References 15 · Affected Software 5
OSV
added 2019/12/18 9:15 p.m. · 18 views

CVE-2019-5469

An IDOR vulnerability exists in GitLab v12.1.2, v12.0.4, and v11.11.6 that allowed uploading files from project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets...

6.5 CVSS · 6.4 AI score
Exploits 0 · References 2
Prion
added 2019/12/18 9:15 p.m. · 18 views

Code injection

An IDOR vulnerability exists in GitLab v12.1.2, v12.0.4, and v11.11.6 that allowed uploading files from project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets...

5.5 CVSS · 6.2 AI score · 0.00101 EPSS
Exploits 1 · References 2 · Affected Software 1
UbuntuCve
added 2019/12/18 9:15 p.m. · 24 views

CVE-2019-5469

An IDOR vulnerability exists in GitLab v12.1.2, v12.0.4, and v11.11.6 that allowed uploading files from project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets...

6.5 CVSS · 6.6 AI score · 0.00101 EPSS
Exploits 1 · References 2
CVE
added 2019/12/18 8:59 p.m. · 54 views

CVE-2019-5469

CVE-2019-5469 corresponds to an IDOR in GitLab prior to 12.1.2, before 12.0.4, and before 11.11.6 that lets an attacker upload a file from a project archive to replace another user’s files, potentially enabling replacement of project binaries or other uploaded assets. Public disclosures in multip...

6.5 CVSS · 6.1 AI score · 0.00101 EPSS
Exploits 1 · References 2 · Affected Software 1
Debian CVE
added 2019/12/18 8:59 p.m. · 21 views

CVE-2019-5469

Removed by vendor...

6.5 CVSS · 6.6 AI score · 0.00101 EPSS
Exploits 1
CNVD
added 2019/12/02 12:00 a.m. · 2 views

Max Secure Anti Virus Plus Elevation of Privilege Vulnerability

Max Secure Software Anti Virus Plus is a suite of antivirus software from Max Secure Software India. A security vulnerability exists in Max Secure Software Anti Virus Plus version 19.0.4.020. The vulnerability can be exploited by an attacker to replace .exe or .dll files and elevate privileges...

7.8 CVSS · 6.9 AI score · 0.00077 EPSS
Exploits 2 · References 1
0day.today
added 2019/12/02 12:00 a.m. · 126 views

Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Vulnerability

Exploit Title: Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Discovery by: hyp3rlinx Vendor Homepage: www.maxpcsecure.com Tested Version: 19.0.4.020 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

0.2 AI score
Exploits 0
exploitpack
added 2019/12/02 12:00 a.m. · 33 views

Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions

Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Exploit Title: Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.maxpcsecure.com Tested Version: 19.0.4.020 CVE: N/A + Credits: John Page aka hyp3rlinx +...

7.3 AI score
Exploits 0
CNVD
added 2019/10/17 12:00 a.m. · 2 views

IBM Workload Scheduler Distributed Elevation of Privilege Vulnerability

IBM Workload Scheduler Distributed is a suite of enterprise task scheduling software from IBM in the United States. The software automates the control of workloads. An elevation of privilege vulnerability exists in IBM Workload Scheduler Distributed, which can be exploited by a local attacker to...

8.4 CVSS · 7.1 AI score · 0.0011 EPSS
Exploits 0 · References 1
0day.today
added 2019/10/14 12:00 a.m. · 122 views

Uplay 92.0.0.6280 - Local Privilege Escalation Vulnerability

Exploit Title: Uplay 92.0.0.6280 - Local Privilege Escalation Exploit Author: Kusol Watchara-Apanukorn, Pongtorn Angsuchotmetee, Manich Koomsusi Vendor Homepage: https://uplay.ubisoft.com/ Version: 92.0.0.6280 Tested on: Windows 10 x64 CVE : N/A Vulnerability Description: "C:\Program Files...

7.8 CVSS · 0.4 AI score · 0.0049 EPSS
Exploits 2