49 matches found
Meesho Online Shopping 加密问题漏洞
Meesho Online Shopping is an e-commerce system developed by the Meesho company. Versions of Meesho Online Shopping prior to 27.3 contained a security vulnerability related to encrypted data handling. This vulnerability stemmed from incorrect operations with files and API endpoints, potentially...
CVE-2026-23592
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-23592
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-23592
Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
open-vm-tools: Insecure file handling
A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine VM may tamper with the local files to trigger insecure file operations within that VM...
CVE-2025-42883 Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench)
Migration Workbench DX Workbench in SAP NetWeaver Application Server for ABAP fails to trigger a malware scan when an attacker with administrative privileges uploads files to the application server. An attacker could leverage this and upload a malicious file into the system. This results in a low...
EUVD-2020-5991
Malware in sbrugna...
EUVD-2023-44597
Malicious code in bioql PyPI...
USN-7508-2: Open VM Tools vulnerability
USN-7508-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS Original advisory details: It was discovered that Open VM Tools incorrectly handled certain file operations. An attacker in a guest could use this issue to...
CVE-2020-13774
An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations ...
CVE-2018-20945
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations SEC-354...
USN-7508-1 open-vm-tools vulnerability
It was discovered that Open VM Tools incorrectly handled certain file operations. An attacker in a guest could use this issue to perform insecure file operations and possibly elevate privileges in the guest...
AZL-67797 CVE-2025-22247 affecting package open-vm-tools for versions less than 11.3.0-4
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM...
CVE-2025-22247
CVE-2025-22247 affects open-vm-tools ( VMware Tools open-source components) and can be triggered by a non-administrative guest-VM user due to insecure file handling that may tamper local files, potentially enabling partial integrity impact within the guest. Several advisories confirm affected pac...
CVE-2023-32190
A flaw was found in the mlocate package of OpenSUSE and derived distributions. This issue occurs due to a insecure chmod call in the %post section of the mlocate package, allowing users to obtain read/write access to arbitrary files on the system when the mlocate package is re-installed or upgrad...
CVE-2023-32190
mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
CVE-2023-32190 mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable
mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
CVE-2023-32190
CVE-2023-32190 affects the mlocate package (notably OpenSUSE-derived distributions). The vulnerability stems from an insecure chmod/permissions handling in the %post script, allowing a local attacker to abuse root-run file operations to make arbitrary files world-readable. Impact is localized to ...
CVE-2023-32190
mlocate's %post script allows RUNUPDATEDBAS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges...
openSUSE Tumbleweed 安全漏洞
openSUSE Tumbleweed is an open source system from SUSE Germany. A security vulnerability exists in openSUSE Tumbleweed that originates from allowing a user to make arbitrary files readable by everyone by abusing insecure file operations run with root privileges...