2184 matches found
Race condition
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition...
CVE-2019-1961
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the W...
gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
An incorrect permission check in the admin backend in gvfs was found that allows reading and modifying arbitrary files by privileged users without asking for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users...
nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link
A flaw was found in nodejs-tar in versions prior to 4.4.2. An arbitrary file overwrite can occur when extracting tarballs containing a hard-link to a file that already exists in the system. Further, a file that matches the hard-link may overwrite the system's files with the contents of the...
OPENSUSE-SU-2019:1752-1 Security update for libqb
This update for libqb fixes the following issue: Security issue fixed: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). This update was imported from the SUSE:SLE-15-SP1:Update update...
Security update for libqb (moderate)
openSUSE Security Update: Security update for libqb Announcement ID: openSUSE-SU-2019:1718-1 Rating: moderate References: 1137835 Cross-References: CVE-2019-12779 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for libqb fixe...
WPZD-163(II) Distribution Grid Integration Measurement and Control Terminal has Logic Flaw Vulnerability
Xuji Group Co., Ltd. is a high-tech modern industrial group specializing in electric power, automation and intelligent manufacturing. The WPZD-163(II) Power Distribution Grid Integration Measurement and Control Terminal suffers from a logic flaw vulnerability that can be exploited by attackers to...
SUSE SLED15 / SLES15 Security Update : libqb (SUSE-SU-2019:1812-1)
This update for libqb fixes the following issues: Security issue fixed: CVE-2019-12779: Fixed an issue where a local attacker could overwrite privileged system files (bsc#1137835). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications. Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link:...
CVE-2018-18406
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...
XXE
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...
Path traversal
An Improper Limitation of a Pathname to a Restricted Directory "Path Traversal" in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download syste...
CVE-2018-13379
An Improper Limitation of a Pathname to a Restricted Directory "Path Traversal" in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download syste...
CVE-2018-13379 Path Traversal in Fortinet FortiOS
An Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download syste...
Malicious Package
Overview: Version 1.0.0 of rimrafall contains malicious code as a preinstall script. The package attempts to remove all files in the system's root folder. Recommendation: If you installed this package, it is likely your machine was erased. If not, remove the package from your system and verify if an...
Protect
A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...
Schneider Electric Modbus Serial Driver Resource Management Error Vulnerability
Schneider Electric Modbus Serial Driver is a serial driver from Schneider Electric France. A resource management error vulnerability exists in the Schneider Electric Modbus Serial Driver. An attacker could exploit this vulnerability to perform write operations to system files or other critical us...
Malicious Package
destroyer-of-worlds is a malicious package. A malicious bash script resides in the package which will execute as a postinstall script. The script deletes system files and creates a large file, fork bomb and an endless loop in an attempt to crash the host...