397 matches found

Cvelist
added 2023/08/14 12:0 a.m. · 12 views

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

8.8 AI score · 0.00741 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/08/09 12:0 a.m. · 5 views

PT-2023-24016 · Prtg · Prtg

Name of the Vulnerable Software and Affected Versions: PRTG versions 23.2.84.1566 and earlier Description: A command injection issue was identified in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially...

7.2 CVSS · 7.4 AI score · 0.52056 EPSS
Exploits 0 · References 14
OSV
added 2023/06/23 6:15 a.m. · 2 views

CVE-2023-35801

A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have acce...

8.1 CVSS · 5.9 AI score · 0.01464 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2023/06/23 6:15 a.m. · 1 views

CVE-2023-35801

A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have acce...

8.1 CVSS · 5.7 AI score · 0.01464 EPSS
Exploits 0 · References 4
OSV
added 2023/06/15 5:15 a.m. · 2 views

CVE-2023-2270

The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration fil...

7.8 CVSS · 6 AI score · 0.00273 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/06/15 12:0 a.m. · 5 views

PT-2023-18643 · Netskope · Netskope Client

Name of the Vulnerable Software and Affected Versions: Netskope client versions prior to R100 Description: The Netskope client service, running with NT\SYSTEM privileges, accepts network connections from localhost to start various services and execute commands. A connection handling function in th...

7.8 CVSS · 7.5 AI score · 0.00273 EPSS
Exploits 0 · References 5
OSV
added 2023/06/13 7:15 a.m. · 4 views

CVE-2023-0142

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager DSM before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors...

8.1 CVSS · 7.4 AI score · 0.00916 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2023/03/28 12:0 a.m. · 5 views

The vulnerability of Hitachi software lies in improper default permissions, which allow attackers to read and write certain files.

The vulnerability of Hitachi software products is related to incorrect default permissions. Exploiting this vulnerability allows an attacker to read and write certain files...

6.6 CVSS · 6.7 AI score · 0.0015 EPSS
Exploits 0 · References 2 · Affected Software 3
CNNVD
added 2023/03/21 12:0 a.m. · 4 views

InsightCloudSec security vulnerability

InsightCloudSec is a fully integrated cloud-native security platform from InsightCloudSec, Inc. A security vulnerability exists in versions of InsightCloudSec prior to 23.3.21, which originates from an attacker being able to read and write arbitrary files from disk using an exposed "box" object...

8.1 CVSS · 7.9 AI score · 0.00777 EPSS
Exploits 1 · References 3
VulnCheck KEV
added 2023/03/09 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2022-41328

Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands...

7.1 CVSS · 7.3 AI score · 0.12316 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/03/06 12:0 a.m. · 7 views

The vulnerabilities in the web interface of FortiOS, the local software product FortiSwitch Manager, and the proxy server FortiProxy, designed for protecting against internet attacks, allow attackers to read and write files on a basic Linux system.

The vulnerability in the web interface of FortiOS operating systems, the local software management platform FortiSwitch Manager, and the proxy server for internet attack protection, FortiProxy, is related to errors in processing the relative path to the directory. Exploiting this vulnerability...

9 CVSS · 7.4 AI score · 0.00927 EPSS
Exploits 0 · References 3 · Affected Software 3
BDU FSTEC
added 2023/03/01 12:0 a.m. · 5 views

The vulnerability of the resource management application for Hitachi Tuning Manager lies in its default access settings, which allow attackers to read and write certain files.

The vulnerability of the Hitachi Tuning Manager resource management application relates to the default access rights settings. Exploiting this vulnerability could allow an attacker to read and write certain files...

7.1 CVSS · 6.7 AI score · 0.0015 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/02/28 3:15 a.m. · 3 views

CVE-2022-3884

Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows Hitachi Ops Center Analyzer RAID Agent component allows local users to read and write specific files. This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01...

7.1 CVSS · 5.8 AI score · 0.00154 EPSS
Exploits 0 · References 1
CNNVD
added 2023/02/28 12:0 a.m. · 4 views

Hitachi Ops Center Analyzer security vulnerability

Hitachi Ops Center Analyzer is a data center management software from Hitachi, Japan. It monitors, reports, and correlates end-to-end performance from servers to storage. A security vulnerability exists in Hitachi Ops Center Analyzer version 10.9.0-00 through versions prior to 10.9.0-01 that stem...

7.3 CVSS · 7.4 AI score · 0.00154 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 6:20 a.m. · 5 views

SUSE CVE-2004-0792

Directory traversal vulnerability in the sanitizepath function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

6.4 CVSS · 6.9 AI score · 0.02317 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 6:12 a.m. · 4 views

SUSE CVE-2007-2438

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

7.6 CVSS · 7.6 AI score · 0.03221 EPSS
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 6:9 a.m. · 6 views

SUSE CVE-2008-0657

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants...

10 CVSS · 7.3 AI score · 0.02839 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 5:58 a.m. · 2 views

SUSE CVE-2010-2548

IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files...

9.1 CVSS · 7 AI score · 0.01995 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:21 a.m. · 3 views

SUSE CVE-2015-1324

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root...

7.8 CVSS · 7.6 AI score · 0.00356 EPSS
Exploits 0 · References 3
OSV
added 2023/02/09 7:15 p.m. · 3 views

CVE-2023-21445

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R11, 13.1.03.501 in Android S12 and 14.1.00.422 in Android T13 allows local attacker to write file with MyFiles privilege via implicit intent...

7.8 CVSS · 7.1 AI score · 0.00186 EPSS
Exploits 0 · References 1