34 matches found
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2020-46333)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 28 for iOS-based platforms. An attacker can exploit the vulnerability to modify file extensions...
CVE-2020-9820
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system...
Code injection
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific...
CVE-2019-8408
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice...
Vulnerability of the Server: Optimizer component of the MySQL database management system, which allows attackers to alter file access rights or cause service interruptions.
The vulnerability of the Server: Optimizer component of the Oracle MySQL database management system is related to insufficient access control. Exploiting this vulnerability could allow an attacker to modify file access rights or cause service interruptions...
GNU tar has been updated to fix CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system back...
PT-2018-2401 · Oracle +1 · Mysql Server
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.12 and prior. Description: The issue is related to insufficient access control in the Server: DDL component of Oracle MySQL, allowing a remote attacker to modify file permissions or cause a denial of service. Successf...
CVE-2016-2288
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file...
X.Org X Server: Multiple vulnerabilities
Background: The X Window System is a graphical windowing system based on a client/server model. Description: vladz reported the following vulnerabilities in the X.Org X server: The X.Org X server follows symbolic links when trying to access the lock file for an X display, showing a predictable...
CVE-2010-3867
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK...
Cross site scripting
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as...
Code injection
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script...
AutositePHP 2.0.3 LFI/XSRF/File Editing
AutositePHP v2.0.3 LFI/CSRF/Edit File Multiple Remote Vulnerabilities + Discovered By SirGod + Greetz : All my friends + Download Script : http://sourceforge.net/projects/autositephp/ + Local File Inclusion PoC 1 : http://target/path/index.php?page=users/Local File Example 1 :...
IRIX 5.2/6.0 - Permissions File Manipulation
source: https://www.securityfocus.com/bid/1751/info. The IRIX /usr/lib/desktop/permissions tool is a suid and sgid root application normally used by users to modify permissions of their files and files they are privileged for. A vulnerability in the permissions tool allows local malicious users...