143 matches found
CVE-2021-25160
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...
CVE-2021-25155
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...
CVE-2019-19349
CVE-2019-19349 describes an insecure modification vulnerability in the /etc/passwd file within the container operator-framework/operator-metering as shipped in Red Hat OpenShift 4 . An attacker with access to the container could modify /etc/passwd and escalate privileges. The connected documents ...
GHSA-PJ4G-4488-WMXM Dynamic modification of RPyC service due to missing security check
Impact Version 4.1.0 of RPyC has a vulnerability that affects custom RPyC services making it susceptible to authenticated remote attacks. Patches Git commits between September 2018 and October 2019 and version 4.1.0 are vulnerable. Use a version of RPyC that is not affected. Workarounds The commi...
CVE-2019-10679
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILESX86%\Thomson Reuters\Eikon permissions...
Vertiv UPS Management Module FTP Service Arbitrary File Modification Vulnerability
Vertiv Technologies Limited Vertiv, was founded in 2000. Vertiv designs, manufactures and provides services for critical infrastructure equipment to keep data centers, communication networks, commercial and industrial facilities running well, and provides power supply and distribution, thermal...
Cisco AnyConnect Secure Mobility Client Configuration File Modification Vulnerability
The Cisco AnyConnect Secure Mobility Client is a virtual private network VPN client for a variety of operating systems and hardware configurations. A configuration file modification vulnerability exists in the Inter-Process Communication IPC channel in Cisco AnyConnect Secure Mobility Client...
CVE-2020-14693
Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.6-8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
Zhengzhou Soter Information Technology Co., Ltd. digital campus management platform has a logic flaw vulnerability
Zhengzhou Sothe Information Technology Co., Ltd. is a software technology as the core, is committed to providing customers with software products, perfect technical support and software outsourcing services company. Zhengzhou Soter Information Technology Co., Ltd. digital campus management platfo...
CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload...
Odoo Access Control Error Vulnerability (CNVD-2019-30570)
Odoo is an open source commercial system from the Belgian company Odoo. An access control error vulnerability exists in the password encryption module in Odoo version 9.0 Community and Enterprise, which can be exploited by an attacker to modify another user's password...
CVE-2019-2594
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: Application Server. Supported versions that are affected are 8.55, 8.56 and 8.57. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...
Intel Converged Security and Management Engine and Intel TXE Content Protection Subsystem Unauthorized Data Modification Vulnerability
Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation.Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust enforcement engine with hardware authentication capabilities used in the CPU Central...
CVE-2019-8408
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice...
CVE-2019-1003017
The CVE-2019-1003017 entry concerns Jenkins Job Import Plugin (3.0 and earlier). The vulnerability stems from a data modification flaw in JobImportAction.java that enables attackers to copy jobs from a preconfigured external Jenkins instance, potentially installing additional plugins needed to lo...
CVE-2019-1003017
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...
Apple macOS file modification vulnerability
macOS is Apple's proprietary operating system for the Mac line of products. A file modification vulnerability exists in the EFI component in Apple macOS High Sierra 10.13.6, macOS Mojave 10.14. A local user can exploit the vulnerability to modify protected portions of the file system...
Design/Logic Flaw
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
CVE-2018-1999037
CVE-2018-1999037 affects Jenkins Resource Disposer Plugin up to version 0.11. The vulnerability is in AsyncResourceDisposer.java and allows an attacker to stop tracking a resource (data modification). Related advisories confirm an additional CSRF weakness in the API endpoint prior to version 0.12...
October CMS Apache Configuration Modification Vulnerability
OctoberCMS is a CMS system based on Laravel PHP development framework. October CMS build 412 suffers from an Apache configuration modification vulnerability. The vulnerability can be exploited to compromise a website and other applications on the server via the file upload feature...