Lucene search
K

70 matches found

OSV
OSV
added 2020/02/27 5:15 p.m.4 views

CVE-2019-5326

An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component...

7.2CVSS7.5AI score0.01936EPSS
Exploits0References1
Metasploit
Metasploit
added 2020/01/18 2:12 a.m.94 views

WordPress InfiniteWP Client Authentication Bypass

This module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them after payload...

8.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/01/15 12:0 a.m.30 views

Microsoft Windows Device Management Enrollment Service Hard Link Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

7.3CVSS4.3AI score0.01658EPSS
Exploits0References1
OSV
OSV
added 2019/12/06 9:15 p.m.5 views

CVE-2019-18575

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system...

7.1CVSS5.8AI score0.0034EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/11/13 12:0 a.m.36 views

Microsoft Windows IP Helper Service Hard Link Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

5.3CVSS3.4AI score0.02076EPSS
Exploits0References1
Prion
Prion
added 2019/11/07 8:15 p.m.12 views

Code injection

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

5.5CVSS7.1AI score0.01702EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/11/07 7:46 p.m.14 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

6.5AI score0.01702EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2019/11/07 7:46 p.m.17 views

CVE-2010-2449

Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...

6.5CVSS6.5AI score0.01702EPSS
Exploits0
OSV
OSV
added 2019/09/21 12:0 a.m.1 views

UBUNTU-CVE-2019-16680

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction...

4.3CVSS6.1AI score0.02132EPSS
Exploits1References6
CVE
CVE
added 2018/12/20 2:0 p.m.40 views

CVE-2018-5199

CVE-2018-5199 affects Veraport G3 ALL on macOS. The root cause is insufficient domain validation, enabling an attacker to overwrite an installation file with a malicious file and potentially execute arbitrary code. Exploitation details are not provided in the documents beyond the high-level descr...

8.8CVSS8.6AI score0.01671EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-3439-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.29442EPSS
Exploits6References2
OSV
OSV
added 2018/09/19 2:29 p.m.2 views

DEBIAN-CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS6.8AI score0.05449EPSS
Exploits0References1
OSV
OSV
added 2018/09/19 2:29 p.m.3 views

UBUNTU-CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

5.9CVSS6.6AI score0.05449EPSS
Exploits0References4
CNVD
CNVD
added 2017/10/26 12:0 a.m.4 views

Apache Derby Overwrite Arbitrary File Vulnerability

Apache Derby is the United States Apache Apache Software Foundation developed a set of open source database management system. A security vulnerability exists in the export process in Apache Derby. A remote attacker could exploit the vulnerability to overwrite an existing file...

7.5CVSS7.6AI score0.03797EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/10/06 12:0 a.m.48 views

Ubuntu 14.04 LTS : Ruby vulnerabilities (USN-3439-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3439-1 advisory. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. CVE-2017-0898 Yusuke Endoh discover...

9.8CVSS7.5AI score0.29442EPSS
Exploits6References8
CVE
CVE
added 2017/08/27 4:0 p.m.60 views

CVE-2017-13709

CVE-2017-13709 affects FlightGear prior to version 2017.3.1. The FGLogger subsystem’s Main/logger.cxx allows overwriting arbitrary files via a resource that can alter the contents of the global Property Tree, enabling an attacker with write access to cause data corruption or disclosure in affecte...

7.5CVSS7.1AI score0.01058EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/08/27 4:0 p.m.18 views

CVE-2017-13709

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree...

7.2AI score0.01058EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2016/06/09 12:0 a.m.47 views

Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)

Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...

7.5CVSS7.3AI score0.12282EPSS
Exploits0References14
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

IRIX 6.5.x inpview Race Condition Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1530/info Certain versions of IRIX ship with a version of inpview that creates files in '/var/tmp/' in an insecure manner and is therefore prone to a race condition. InPerson's 'inpview' is a networked multimedia...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Drummond Miles A1Stats 1.0 a1disp2.cgi Traversal Arbitrary File Read

No description provided by source. source: http://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as querystrings to the A1Stats script. An...

7.1AI score
Exploits0
Rows per page
Query Builder