300 matches found
CVE-2023-38544
A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system...
CVE-2023-43070
Dell SmartFabric Storage Software v1.4 and earlier contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container...
Path traversal
Dell SmartFabric Storage Software v1.4 and earlier contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container...
The vulnerability of the Fusion File Manager component in the PHP-Fusion CMS system allows a hacker to gain access to read and modify files.
The vulnerability in the Fusion File Manager component of the PHP-Fusion CMS is related to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to gain access to and modify files through a specially crafted HTTP request...
Oracle Linux 5 : gfs2-utils (ELSA-2009-1337)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1337 advisory. 0.1.62-1 - Fix man page references to fsck.gfs2. - Resolves: rhbz477072 0.1.61-1 - fsck.gfs2 no longer segfaults when fixing 'EA leaf block type' problems. -...
CVE-2023-32492
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files...
Design/Logic Flaw
Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files...
CVE-2022-43701
When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code...
Vulnerability fixed in Xwiki
The developers of Xwiki have fixed a vulnerability in the CKEditor of Xwiki. An authenticated malicious person with editing privileges in the CKeditor could exploit the vulnerability to modify arbitrary files in Xwiki, including those for which it is not authorized. This allows the malicious pers...
The vulnerability of Juniper Networks’ Junos OS Evolved operating system, related to the lack of standard permission mechanisms, allows attackers to modify existing files or execute arbitrary commands on behalf of users.
The vulnerability of Juniper Networks’ Junos OS Evolved operating system is related to the lack of a mechanism for standard permissions. Exploiting this vulnerability allows an attacker to modify existing files or execute arbitrary commands on behalf of the user...
CVE-2023-34204
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus for example an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it...
Encourage Technologies ESS REC Agent Server path traversal vulnerability
Encourage Technologies ESS REC Agent Server is a software system from Encourage Technologies for receiving, processing, and managing audio and video data from surveillance devices. A security vulnerability exists in Encourage Technologies ESS REC Agent Server that stems from the presence of a...
CVE-2022-4224 CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device...
K22691834: Linux kernel vulnerability CVE-2018-16597
Security Advisory Description An issue was discovered in the Linux kernel through 4.18.6. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. CVE-2018-16597 Impact There is no impact; F5 products are not affected...
K28622040: Python vulnerability CVE-2019-9948
Security Advisory Description urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. CVE-2019-9948 Impac...
K68652018: iControl REST vulnerability CVE-2021-22974
Security Advisory Description An authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. CVE-2021-22974...
SUSE CVE-2001-1593
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file...
SUSE CVE-2008-5076
htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."...
SUSE CVE-2018-16597
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem...