300 matches found
Dell Command Configure Elevation of Privilege Vulnerability
Dell Command Configure is a Dell application that provides configuration capabilities for business client platforms. Dell Command Configure version 4.8 and prior versions contain an elevation of privilege vulnerability that stems from incorrect folder permissions, which could be exploited to modi...
CVE-2022-23143
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files...
PT-2022-15881 · Zte · Zte Otcp
Name of the Vulnerable Software and Affected Versions: ZTE OTCP product affected versions not specified Description: The issue is related to improper permission settings, allowing an attacker with high permissions to maliciously delete and modify files. Recommendations: At the moment, there is no...
Shadow: TOCTOU Race
Background: Shadow contains utilities to deal with user accounts. Description: A TOCTOU race condition was discovered in shadow. A local attacker with write privileges in a directory removed or copied by usermod/userdel could potentially exploit this flaw when the administrator invokes...
The vulnerability in the web interface of the Cisco Identity Services Engine allows a perpetrator to read and modify files on a vulnerable device.
The vulnerability of the Cisco Identity Services Engine’s web interface relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to read and modify files on the vulnerable device by sending a specially crafted HTTP request...
openSUSE Security Vulnerability
openSUSE is a set of Linux-based free operating systems and open source community projects from SUSE Germany. A security vulnerability exists in openSUSE. An attacker can exploit this vulnerability to bypass SUSE privileged access restrictions via chkstat to read or change files...
HP ThinPro Linux Security Vulnerability
HP ThinPro Linux is an operating system for HP thin clients from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP ThinPro Linux 7.2 Service Pack 8 (SP8) that originates from an unauthorized attacker being able to modify certain files...
CVE-2021-30490
upsMonitor in ViewPower aka ViewPowerHTML 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation...
Improper Access Control
octopoller is vulnerable to improper access control. The vulnerability exists because files are given world-writable permissions without proper validation, which allows a malicious attacker to modify files and change the existing behavior...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...
CVE-2022-26041
Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors...
GENEREX RCCMD Path Traversal Vulnerability
GENEREX RCCMD is a multi-server shutdown software from GENEREX. GENEREX RCCMD suffers from a path traversal vulnerability that stems from the inclusion of a directory traversal issue. An attacker could view or alter arbitrary files on the server...
Privilege escalation
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation...
CVE-2022-25402
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files...
PT-2022-17265 · Hms · Hms
Name of the Vulnerable Software and Affected Versions: HMS version 1.0 Description: An issue with access control in HMS allows unauthenticated attackers to read and modify all PHP files. Recommendations: For HMS version 1.0, consider restricting access to PHP files until a fix is available. As a...
CVE-2021-44023
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security Consumer 2021 family of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service...
OmniCore robot Access Control Error Vulnerability
OmniCore robot is a robot application. OmniCore robot suffers from a security vulnerability that allows an attacker to read and modify files on the robot controller...
CVE-2021-29678
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914...
IBM Db2 Security Vulnerability
IBM Db2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...