CVE-2020-10118
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)...
Design/Logic Flaw
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)...
Path traversal
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem, potentially leading to arbitrary code execution, via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex...
The vulnerability of the node-tar and fstream packages in Microsoft Visual Studio software allows a hacker to modify any files they choose.
The vulnerability of the node-tar and fstream packages in the Microsoft Visual Studio development environment is related to errors during the checking of hard links when extracting archive files. Exploiting this vulnerability allows a remote attacker to modify arbitrary files by loading a malicio...
Aviatrix VPN Client Privilege Handling Elevation of Privilege Vulnerability
Aviatrix VPN Client is a VPN (Virtual Private Network) client application that provides SAML authentication. A security vulnerability exists in Aviatrix VPN Client version 2.2.10 and earlier, which stems from the program assigning weak file permissions to the installation path. A local attacker can...
PT-2019-6064 · Qnap · Qnap Photo Station
Name of the Vulnerable Software and Affected Versions: QNAP Photo Station (affected versions not specified). Description: This issue allows remote attackers to access or modify system files due to external control of file name or path. It is related to incorrect limitation of the directory path name...
CVE-2019-1939 Cisco Webex Teams Logging Feature Command Execution Vulnerability
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An...
gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
An incorrect permission check in the admin backend in gvfs was found that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...
Code injection
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496)...
DEBIAN-CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
Invision Power Board Stored Cross-Site Scripting Vulnerability
Invision Power Board is a popular forum program. Invision Power Board suffers from a stored cross-site scripting vulnerability. An attacker can exploit the vulnerability to gain access to the backend administrator's After obtaining administrator access to the backend, an attacker can modify...
Updated gvfs packages fix security vulnerability
The backend currently allows accessing and modifying files without prompting for a password if no polkit authentication agent is available. This affects only users who belong to the wheel group, i.e. those who are already allowed to use sudo. It doesn't allow privilege escalation for users, who don't...
UBUNTU-CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
CVE-2018-18812
The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when th...
World Writable Permissions
Augeas is vulnerable to world-writable permissions. The vulnerability exists because the transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files...
CVE-2018-18332
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations...
IBM Integration Bus Override Access Vulnerability
IBM Integration Bus (formerly known as IBM WebSphere Message Broker) is an enterprise service bus (ESB) product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture (SOA) environments and non-SOA environments. A security vulnerability exists in I...
CVE-2018-15386
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An...
CVE-2018-0422
A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a...