
295 matches found

RedhatCVE
added 2025/05/22 8:26 a.m. · 4 views

CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value...

CVSS 5.5 · AI score 6.6 · EPSS 0.00281
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 7:51 a.m. · 5 views

CVE-2019-14657

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitra...

CVSS 9 · AI score 8.1 · EPSS 0.01826
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:54 a.m. · 7 views

CVE-2019-19382

Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation...

CVSS 7.8 · AI score 6.9 · EPSS 0.00077
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 1:18 a.m. · 7 views

CVE-2010-4732

cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to...

CVSS 10 · AI score 7.2 · EPSS 0.01954
Exploits: 2 · References: 1

RedhatCVE
added 2025/04/25 6:43 p.m. · 10 views

CVE-2025-3519

An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID...

CVSS 7 · AI score 6.8 · EPSS 0.00061
Exploits: 0 · References: 1

NVD
added 2025/04/22 9:15 a.m. · 4 views

CVE-2025-3519

An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID...

CVSS 7 · EPSS 0.00061
Exploits: 0 · References: 1

Cvelist
added 2025/04/22 8:51 a.m. · 7 views

CVE-2025-3519 Replace uploaded files knowing the file upload ID

An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets access to such a file ID...

CVSS 7 · EPSS 0.00061
Exploits: 0 · References: 1

CVE
added 2025/04/22 8:51 a.m. · 42 views

CVE-2025-3519

Summary: CVE-2025-3519 is an authorization bypass in Unblu Spark that allows a conversation participant to replace an existing uploaded file by using the file’s UUID. The issue affects Unblu Spark versions 8.0.0–8.12.1 and 8.13.1, enabling file replacement without altering the file name, uploader...

CVSS 7 · AI score 6.4 · EPSS 0.00061
Exploits: 0 · References: 1

CNNVD
added 2025/04/22 12:0 a.m. · 1 views

Unblu Spark Security Vulnerability

Unblu Spark is a key component in a conversation-centered digital customer experience platform from Swiss company Unblu. A security vulnerability exists in Unblu Spark that stems from the ability of conversation participants to replace uploaded files...

CVSS 7 · AI score 6.7 · EPSS 0.00061
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 3:1 p.m. · 5 views

CVE-2020-27228

An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability...

CVSS 8.8 · AI score 6.7 · EPSS 0.00142
Exploits: 1

NVD
added 2025/01/27 9:15 a.m. · 10 views

CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort...

CVSS 5.5 · EPSS 0.00777
Exploits: 0 · References: 3

Huntr
added 2025/01/25 8:10 p.m. · 5 views

Bucket "h2o-release" publicly writable, allowing an attacker to replace any file

The S3 bucket "h2o-release" where you host docs and which you instruct your users to use as a Maven repo e.g. in here https://github.com/h2oai/h2o-3?tab=readme-ov-file3-using-h2o-3-artifacts is publicly writable. It is possible to overwrite any file in that bucket. As a PoC I created the followin...

AI score 7.1
Exploits: 0

CNVD
added 2024/12/20 12:0 a.m. · 1 views

Huawei EMUI and HarmonyOS File Replacement Vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. A file replacement vulnerability exists in Huawei EMUI and HarmonyOS. An attacker could exploit this vulnerabilit...

CVSS 7.1 · AI score 6.9 · EPSS 0.00048
Exploits: 0 · References: 1

NVD
added 2024/12/12 12:15 p.m. · 15 views

CVE-2024-54099

File replacement vulnerability on some devices. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

CVSS 7.1 · EPSS 0.00048
Exploits: 0 · References: 1

OSV
added 2024/12/12 12:15 p.m. · 1 views

CVE-2024-54099

File replacement vulnerability on some devices. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

CVSS 7.1 · AI score 5.8 · EPSS 0.00048
Exploits: 0 · References: 1

CVE
added 2024/12/12 11:23 a.m. · 47 views

CVE-2024-54099

CVE-2024-54099 concerns a file replacement vulnerability in Huawei EMUI and HarmonyOS. Multiple connected sources describe impact to integrity and confidentiality with local exploitation paths. The NVD entry lists a Local/Low-Complexity attack with Low privileges required (varies by source), and ...

CVSS 7.1 · AI score 6.6 · EPSS 0.00048
Exploits: 0 · References: 1 · Affected Software: 2

Vulnrichment
added 2024/12/12 11:23 a.m. · 12 views

CVE-2024-54099

File replacement vulnerability on some devices. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

CVSS 6.7 · AI score 7 · EPSS 0.00048
Exploits: 0 · References: 1

Cvelist
added 2024/12/12 11:23 a.m. · 21 views

CVE-2024-54099

File replacement vulnerability on some devices. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

CVSS 6.7 · EPSS 0.00048
Exploits: 0 · References: 1

CNNVD
added 2024/12/12 12:0 a.m. · 1 views

Huawei EMUI and Huawei HarmonyOS Security Vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. A file replacement vulnerability exists in Huawei EMUI and HarmonyOS. An attacker could exploit this vulnerabilit...

CVSS 7.1 · AI score 6.6 · EPSS 0.00048
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/12 12:0 a.m. · 2 views

PT-2024-36030 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to a file replacement vulnerability on some devices. Successful exploitation of this vulnerability will affect integrity and confidentiality. Recommendations: At the...

CVSS 7.1 · AI score 6.8 · EPSS 0.00048
Exploits: 0 · References: 4