13 matches found

GithubExploit
added 2026/05/03 1:51 a.m. · 60 views

race-condition-exploit

🔐 Race Condition Exploit & Mitigation TOCTOU This project d...

5.8 AI score
Exploits 0
Vulnrichment
added 2025/11/04 10:51 p.m. · 2 views

CVE-2025-64107 Cursor is Vulnerable to Path Manipulation Using Backslashes on Windows

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes ./.cursor/./././././mcp.json etc., and requires human approval to complete the operation. However, the same kin...

8.8 CVSS · 6.7 AI score · 0.00067 EPSS
Exploits 0 · References 1
RedHat Linux
added 2025/10/14 5:32 a.m. · 3 views

vim: Vim path traversal

A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive...

4.1 CVSS · 7.4 AI score · 0.00072 EPSS
Exploits 1 · References 6
RedHat Linux
added 2025/03/04 2:40 p.m. · 2 views

github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog

A flaw was found in glog, a logging library. This vulnerability allows an unprivileged attacker to overwrite sensitive files via a symbolic link planted in a widely writable directory, exploiting the log file path predictability...

7.1 CVSS · 7.3 AI score · 0.00072 EPSS
Exploits 0 · References 9
CNNVD
added 2025/02/12 12:0 a.m. · 1 views

Q-Free MAXTIME Suite security vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to overwrite sensitive files via a specially crafted HTTP request...

7.2 CVSS · 6.3 AI score · 0.01754 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/01/28 1:3 a.m. · 3 views

CVE-2024-45339 Vulnerability when creating log files in github.com/golang/glog

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

6.7 AI score · 0.00072 EPSS
Exploits 0 · References 5
Huntr
added 2023/04/30 6:50 a.m. · 20 views

Pre-Auth Path traversal in pimcore_log, leading potential DOS

Description A path traversal vulnerability exists in the CMS, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service---key file overwrite. Proof of Concept - As a prerequisite, pimcore must be installe...

6.5 CVSS · 6.6 AI score · 0.00027 EPSS
Exploits 1
OSV
added 2019/09/25 12:5 p.m. · 0 views

USN-4139-1 file-roller vulnerability

It was discovered that File Roller incorrectly handled certain TAR files. An attacker could possibly use this issue to overwrite sensitive files during extraction...

4.3 CVSS · 6.1 AI score · 0.01789 EPSS
Exploits 1 · References 2
OSV
added 2019/05/03 8:29 p.m. · 0 views

CVE-2019-6617

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files such as /etc/passwd using SFTP to modify user permissions, without Advanced Shell access. This is contrary to o...

6.5 CVSS · 6.6 AI score · 0.00638 EPSS
Exploits 0 · References 3
Positive Technologies
added 2019/05/03 12:0 a.m. · 3 views

PT-2019-18199 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.5.2 through 11.5.8 F5 BIG-IP versions 11.6.1 through 11.6.3.4 F5 BIG-IP versions 12.1.0 through 12.1.4 F5 BIG-IP versions 13.0.0 through 13.1.1.4 F5 BIG-IP versions 14.0.0 through 14.1.0.1 Description: A user with the...

6.5 CVSS · 6.4 AI score · 0.00638 EPSS
Exploits 0 · References 5
OSV
added 2017/12/16 2:29 a.m. · 0 views

CVE-2017-14091

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
CVE
added 1999/09/29 4:0 a.m. · 47 views

CVE-1999-0371

CVE-1999-0371 impacts Lynx: a local user can overwrite sensitive files via /tmp symlinks. The issue is a local-auth, race/symlink-related flaw in Lynx’s handling of /tmp, with a low base score (CVSSv2 1.2) and partial confidentiality impact. No exploit details are provided in the connected docume...

1.2 CVSS · 6.6 AI score · 0.00077 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 1999/09/29 4:0 a.m. · 16 views

CVE-1999-0096

Sendmail decode alias can be used to overwrite sensitive files...

6.4 AI score · 0.00661 EPSS
Exploits 0 · References 1