7 matches found

CNNVD
added 2021/10/13 12:00 a.m., 2 views

Draytek VigorConnect access control error vulnerability

VigorConnect is the local network management software for DrayTek devices. An arbitrary file deletion vulnerability exists in the file deletion feature of the Html5Servlet endpoint in Draytek VigorConnect version 1.6.0-B3. An attacker could use the vulnerability to arbitrarily delete files anywher...

CVSS 8.5, AI score 5.8, EPSS 0.01095
Exploits: 1, References: 2
OSV
added 2021/05/04 1:30 p.m., 3 views

UBUNTU-CVE-2021-27216

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a deletepidfile race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options...

CVSS 6.3, AI score 7.2, EPSS 0.00984
Exploits: 4, References: 4
CNNVD
added 2021/05/04 12:00 a.m., 3 views

Exim permissions and access control vulnerability

Exim was developed at Cambridge University as a Message Transfer Agent (MTA) for Unix systems connected to the Internet. Exim suffers from an arbitrary file deletion vulnerability that can be exploited by a local attacker to delete arbitrary files as root via the deletepidfile race condition...

CVSS 7.8, AI score 5.8, EPSS 0.00984
Exploits: 4, References: 7
CNVD
added 2018/01/25 12:00 a.m., 1 view

Arbitrary file deletion vulnerability in XiaoCms background template.php and database.php pages

Built on a PHP+MySQL architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight CMS. The XiaoCms background template.php and database.php pages contain an arbitrary file deletion vulnerability. Attackers can successfully delete files in the root directory by...

AI score 7.1
Exploits: 0
BDU FSTEC
added 2017/11/23 12:00 a.m., 7 views

A vulnerability in the firmware of the Trend Micro Threat Discovery Appliance is caused by improper restriction of a pathname to a restricted directory. It allows a malicious actor to delete arbitrary files with root privileges, bypass authentication procedures, or cause service failures.

The vulnerability in the firmware of the Trend Micro Threat Discovery Appliance exists due to incorrect restriction of a pathname to a restricted directory during processing of the sessionid parameter from the cookie. Exploiting this vulnerability allows a maliciou...

CVSS 10, AI score 7.7, EPSS 0.93249
Exploits: 15, References: 3, Affected Software: 1
OSV
added 2017/04/12 10:59 a.m., 0 views

CVE-2016-7552

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a sessionid cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS...

CVSS 9.8, AI score 5.9, EPSS 0.93249
Exploits: 15, References: 2
Packet Storm
added 2000/05/17 12:00 a.m., 30 views

rm.racecondition

Synopsis: If root ever does "rm -rf /tmp/foo" for a directory structure not completely owned by root, a local user can delete all files that root can. Such deletions are common for a /tmp cleanup and before creating a specific directory in /tmp/. Details: "rm -r" implementations Solaris 7, Gnu...

AI score 7.4
Exploits: 0