CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository...

AzeoTech DAQFactory Unauthorized Modification Vulnerability

AzeoTech DAQFactory is an HMI/SCADA software. An unauthorized modification vulnerability exists in AzeoTech DAQFactory, which can be exploited by a local, unmanaged user to maliciously replace or modify the original application files...

Advantech WebAccess Unauthorized Operation Vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An unauthorized operation vulnerability exists in Advantec...

git: Escape out of git-shell

A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted...

OpenSSH xauth Input Authentication Vulnerability

OpenSSH OpenBSD Secure Shell is a set of connection tools maintained by the OpenBSD Project Group for secure access to remote computers. OpenSSH has a security vulnerability. A remotely authenticated user can read or modify files on the target system and can execute the xauth command on the targe...

Design/Logic Flaw

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."...

CVE-2017-3852

A vulnerability in the Cisco application-hosting framework CAF component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input...

CVE-2017-5618

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...

Kodi Chorus2 Directory Traversal Vulnerability

Kodi formerly XBMC is a free and open source media player software application developed by the XBMC Foundation.Chorus is a web interface for controlling and interacting with Kodi. It is hosted by the Kodi installation. A directory traversal vulnerability exists in Kodi Chorus2 due to the program...

CA Common Services Local Elevation of Privilege Vulnerability (CNVD-2017-02393)

CA Client Automation and so on are products of CA Corporation in the U.S.A. CA Common Services is one of the common services bundled on the Unix/Linux platform. A local elevation of privilege vulnerability exists in CA Common Services, which can be exploited by a local attacker to alter arbitrary...

CVE-2016-5237

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file...

DEBIAN-CVE-2016-2087

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. dot dot in the server name...

CVE-2016-9210

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.51.11007.2. Known Fixed Releases...

Novell Open Enterprise Server Information Disclosure Vulnerability

The Novell Open Enterprise Server OES is an enterprise-class server from the American company Novell that provides network services, file and print services, and network management capabilities. An information disclosure vulnerability exists in Novell OES. A remote attacker could exploit the...

kernel: overlayfs file truncation without permissions

An issue was discovered in the Linux kernel where an incorrect access check in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem...

The vulnerability of the Windows operating system allows a perpetrator to bypass the low-level security mechanisms and modify files.

The vulnerability of the Windows operating system’s kernel exists due to insufficient checks on the status of resources when they are allowed to be shared among processes. Exploiting this vulnerability allows an attacker acting locally to bypass low-level security mechanisms and modify files by...

Microsoft Windows Security Feature Bypass Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. A security feature bypass vulnerability exists in the Microsoft Windows kernel. A local attacker can exploit this vulnerability to bypass the Low Integrity...

The vulnerability of the Junos operating system, which allows a hacker to read, delete, or modify any files at will

The vulnerability of the Remote Procedure Call RPC function in the Junos operating system exists due to insufficient checking of resource status when resources are allowed to be shared among multiple processes. Exploiting this vulnerability could allow a malicious actor, operating locally, to rea...

CVE-2016-1267

Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before...

CVE-2014-3864

Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...