CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository...

CVE-2026-22624

Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...

CVE-2025-58097

CVE-2025-58097 concerns LogStare Collector where the installation directory has incorrect access permissions. The issue allows a non-administrative user to manipulate files in the installation path and execution of arbitrary code with administrative privileges (local attack). The CVSS metrics ind...

EUVD-2007-5430

Malware in sbrugna...

CVE-2025-23054

A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privilege level. Successful exploitation could allow an attacker to manipulate user generated files,...

CVE-2024-22034

Attackers could put the special files in .osc into the actual package sources e.g. apiurl. This allows the attacker to change the configuration of osc for the victim...

Information disclosure

A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the component Intelligent Monitoring. The manipulation leads to information disclosure. The attack may ...

TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v...

CVE-2023-0284

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk = 2.1.0p19, Checkmk = 2.0.0p32, and all versions of Checkmk 1.6.0 EOL are affected...

The vulnerability of the web application for managing phpMyAdmin databases lies in the authentication procedures’ deficiencies, which allow attackers to view and execute files on the server.

The vulnerability in the web application for managing phpMyAdmin databases is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely access and manipulate files on the server...

Cross site request forgery (csrf)

A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account...

Mozilla Firefox ESR < 52.2 Multiple Vulnerabilities

The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code by convincing a user to visit a...

CVE-2016-0394

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files...

VHD Driver Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the...

CVE-2016-8565

Siemens Automation License Manager ALM before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets...

CVE-2012-0871

The sessionlinkx11socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/...

QNAP Turbo NAS privilege escalation

It's possible to manipulate files by absolute path...

McAfee LinuxShield privilege escalation

nailsd TCP/65443 service allows authenticated user to manipulate files with nailsd permissions...