27 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-20066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled...
CVE-2024-46464
In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege...
CVE-2023-23342
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented...
PT-2023-18915 · Hcl +1 · Hcl Nomad For Web +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows the validation to use cryptographic keys to be circumvented if certain local files are manipulated in a specific manner. There is no...
K68562154: MySQL vulnerability CVE-2005-0004
Security Advisory Description The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. CVE-2005-0004 Impact There ...
SUSE CVE-2019-11736
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...
Mozilla Firefox Security Advisory (MFSA2016-81) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
XStream Arbitrary File Deletion Vulnerability (CNVD-2021-28336)
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has an arbitrary file deletion vulnerability that can be exploited by an attacker to manipulate the processed input stream a...
CVE-2019-11736
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...
CVE-2019-11736
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...
CVE-2019-11736
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...
Input validation
A vulnerability has been identified in SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V10, V11, V12 All versions, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V13 All versions V13 SP2 Update 2, SIMATIC STEP 7 TIA Portal and WinCC TIA Portal V14 All versions V14 SP1 Update 6, SIMATIC STEP 7 TIA...
Webmin < 0.85 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is earlier than 0.85. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability which may make authentication information available to all CGI programs and allows local users ...
Security vulnerabilities fixed in Firefox ESR 45.5 — Mozilla
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. Thi...
Information disclosure and local file manipulation through drag and drop — Mozilla
Security researcher Rafael Gieschke reported that file URIs dragged from a web page in Firefox to other software do not have their contents properly filtered before being passed to other programs, such as the local file manager. This can allow for the theft or manipulation of arbitrary local file...
The vulnerability of the Firefox browser, which allows a hacker to delete any files they want
The vulnerability of the Mozilla Maintenance Service updater for the Firefox browser is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files by manipulating local files...
CDRTools 2.0 RSCSI Debug File Arbitrary Local File Manipulation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8328/info It has been reported that the rscsi utility may provide for the modification of ownership and the corruption of arbitrary attacker specified files. It has been reported that a local attacker may invoke the rscsi...
Design/Logic Flaw
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a 1 -flat, 2 -rdm, or 3 -rdmp filename...
CVE-2012-3454
eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftptmp directory, which allows local users to delete or overwrite arbitrary files...
CVE-2012-3453
CVE-2012-3453 affects logol 1.5.0, where the /var/lib/logol/results directory uses world-writable permissions, enabling local users to delete or overwrite arbitrary files. The root cause is insecure directory permissions. No explicit exploit details or active exploitation are provided in the conn...