1458 matches found
Design/Logic Flaw
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...
CVE-2018-0349
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected...
CVE-2018-14329
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack...
Race condition
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack...
CVE-2018-14329
CVE-2018-14329: In HTSlib 1.8, a race condition in cram/cram_io.c can allow local users to overwrite arbitrary files via a symlink attack. Exploitation details are not described in the provided connected documents; no patch/version remediation is listed. Impact is local unauthorized file modifica...
Explzh vulnerable to directory traversal
Overview: Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22). Explzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite...
CVE-2018-12979
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM...
CVE-2018-13054
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of, for example, other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face...
GIMP File Creation Vulnerability
GIMP (GNU Image Manipulation Program) is a cross-platform open source image processing software developed by the GIMP team. The software enables a variety of image processing, including photo retouching, image compositing and image creation. A security vulnerability...
Design/Logic Flaw
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...
Security Bulletin: A vulnerability affects the IBM FlashSystem model V840
Summary: There is a vulnerability to which the IBM FlashSystem™ V840 is susceptible. An exploit of this vulnerability (CVE-2018-1495) could make the system susceptible to attacks which could allow an attacker to overwrite arbitrary files. Vulnerability Details: CVEID: CVE-2018-1495 DESCRIPTION: IBM...
CVE-2017-7767
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operati...
DEBIAN-CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name...
Arbitrary File Write
maven-core is vulnerable to arbitrary file writes. The application does not properly validate the destination filepath during zip file extraction, allowing a malicious user to control the write destination and overwrite files...
Arbitrary File Write
zip4j is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
CVE-2018-1002100
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files...
PT-2018-9619 · Kubernetes · Kubernetes
Name of the Vulnerable Software and Affected Versions: Kubernetes versions 1.5.x through 1.9.5. Description: The issue concerns the insecure handling of tar data by the kubectl cp command, which can lead to the overwrite of arbitrary local files. This is a result of how the command manages data...