
295 matches found

UbuntuCve
added 2019/09/27 6:15 p.m., 26 views

CVE-2019-11736

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...

CVSS: 7, AI score: 7.1, EPSS: 0.00057
Exploits: 2, References: 2
Prion
added 2019/07/28 6:15 p.m., 13 views

Directory traversal

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00281
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2019/07/28 5:26 p.m., 16 views

CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...

AI score: 5.3, EPSS: 0.00281
Exploits: 1, References: 3
CVE
added 2019/07/28 5:26 p.m., 99 views

CVE-2019-14362

Openbravo ERP prior to 3.0PR19Q1.3 is affected by a Directory Traversal vulnerability. The issue allows remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. Affected component is Openbravo ERP (web application) with directory ...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00281
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2019/06/18 2:15 p.m., 1 views

CVE-2019-7588

A vulnerability in the exacqVision Enterprise System Manager ESM v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not...

CVSS: 7, AI score: 7, EPSS: 0.0017
Exploits: 1, References: 4
Positive Technologies
added 2019/04/03 12:0 a.m., 2 views

PT-2019-2860

Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 4.4.2; node-tar version 2.2.2 is not affected, but versions prior to 2.2.2 are affected. Description: The issue is related to incorrect link resolution before file access in the node-tar module of the Node.js library...

CVSS: 10, AI score: 7.4, EPSS: 0.00719
Exploits: 1, References: 15
Oracle linux
added 2018/11/07 12:0 a.m., 515 views

thunderbird security update

60.2.1-4.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js; 60.2.1-4 - Fixing minor issues; 60.2.1-3 - Reverting deleting of key3db; 60.2.1-2 - Update to 60.2.1 - Added fix for rhbz1546988; 60.0-1 - Rebase to version 60...

CVSS: 9.8, AI score: 2.8, EPSS: 0.07687
Exploits: 5
BDU FSTEC
added 2018/09/28 12:0 a.m., 3 views

Vulnerability in the compatibility subsystem for running Linux applications on Windows operating systems, allowing attackers to replace or delete any files

The vulnerability of the compatibility subsystem for running Linux applications on Windows operating systems is related to errors in character registry handling. Exploiting this vulnerability allows an attacker to replace or delete any files using a specially created application...

CVSS: 5.3, AI score: 7.7, EPSS: 0.00851
Exploits: 0, References: 3
NVD
added 2018/08/21 2:29 p.m., 15 views

CVE-2018-14795

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation, which may allow an attacker to replace executable files...

CVSS: 8.8, AI score: 7.9, EPSS: 0.0171
Exploits: 0, References: 2
IBM Security Bulletins
added 2018/06/18 1:42 a.m., 25 views

Security Bulletin: Vulnerability in Apache Commons FileUpload DiskFileItem File Manipulation affects IBM Spectrum Conductor with Spark 2.2.0 (CVE-2016-1000031)

Summary: A security vulnerability relating to remote code execution CVE-2016-1000031 has been reported against Apache Commons FileUpload DiskFileItem File Manipulation, which IBM Spectrum Conductor with Spark 2.2.0 uses as a framework for some services. Commons FileUpload 1.3.3 addresses this...

CVSS: 9.8, AI score: 0.2, EPSS: 0.56432
Exploits: 0, Affected Software: 1
OSV
added 2018/06/11 9:29 p.m., 2 views

CVE-2017-5397

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00527
Exploits: 0, References: 3
Debian CVE
added 2018/06/11 9:0 p.m., 24 views

CVE-2017-5397

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own...

CVSS: 10, AI score: 8.9, EPSS: 0.00527
Exploits: 0
CVE
added 2018/06/11 9:0 p.m., 85 views

CVE-2017-5397

The CVE-2017-5397 issue affects Mozilla Firefox, specifically versions earlier than 51.0.3. The root cause is a world-writable cache directory on the local filesystem, which Firefox uses to extract libraries. This configuration allows a local attacker with write access (e.g., a malicious installe...

CVSS: 10, AI score: 8.6, EPSS: 0.00527
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2018/05/31 12:0 a.m., 2 views

ntfserver file download vulnerability

The ntfserver is a centralized server for collecting and displaying ntfd data. A security vulnerability exists in ntfserver that originates when a program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary file wi...

CVSS: 9.3, AI score: 8.1, EPSS: 0.00735
Exploits: 0, References: 1
Hacker One
added 2018/03/05 9:31 p.m., 19 views

Shopify: Replace other user files in Inbox messages

Summary: When a store publishes their listing, a user can message them if they are interested. Company can reply to this query and also add a file. When a file is uploaded, the link looks like this: https://shopify-exchange-private.s3.amazonaws.com/attachments/. This file can be replaced if the...

AI score: 6.9
Exploits: 0
Prion
added 2018/01/31 3:29 p.m., 13 views

Design/Logic Flaw

IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912...

CVSS: 7.2, AI score: 6.2, EPSS: 0.00031
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2018/01/31 3:29 p.m., 2 views

CVE-2017-1233

IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912...

CVSS: 6.7, AI score: 5.7, EPSS: 0.00031
Exploits: 0, References: 2
OSV
added 2018/01/04 4:29 a.m., 1 views

UBUNTU-CVE-2017-18018

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition...

CVSS: 7.1, AI score: 6.3, EPSS: 0.00056
Exploits: 1, References: 6
OSV
added 2018/01/02 3:29 a.m., 2 views

CVE-2017-9966

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00529
Exploits: 1, References: 3
CNVD
added 2017/12/28 12:0 a.m., 1 views

Schneider Electric Pelco VideoXpert Enterprise Elevation of Privilege Vulnerability

Pelco VideoXpert Enterprise is an enterprise video management system. An elevation of privilege vulnerability exists in Schneider Electric Pelco VideoXpert Enterprise, where an attacker can gain system privileges by replacing certain files and inserting code that will execute with the elevated...

CVSS: 7.1, AI score: 7.7, EPSS: 0.00529
Exploits: 1, References: 1