7 matches found
Draytek VigorConnect 访问控制错误漏洞
VigorConnect is the local network management software for DrayTek devices.An arbitrary file deletion vulnerability exists in the file deletion feature of the Html5Servlet endpoint in Draytek VigorConnect version 1.6.0-B3. An attacker could use the vulnerability to arbitrarily delete files anywher...
UBUNTU-CVE-2021-27216
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a deletepidfile race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options...
Exim 权限许可和访问控制问题漏洞
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim suffers from an arbitrary file deletion vulnerability that can be exploited by a local attacker to delete arbitrary files as root via the deletepidfile contention condition...
Arbitrary file deletion vulnerability in XiaoCms background template.php and database.php pages
Based on PHP+Mysql architecture, XiaoCms Enterprise Builder is a small, flexible, simple and easy-to-use lightweight cms. XIAOCMS background template.php and database.php page there are arbitrary file deletion vulnerability. Attackers can successfully delete files in the root directory by...
The vulnerability of the microprogramming software of the Trend Micro Threat Discovery Appliance lies in the improper restriction on the path to the restricted access catalog. This allows a malicious actor to delete arbitrary files with root privileges, bypass authentication procedures, or cause service failures.
The vulnerability of the microprogramming software of the Trend Micro Threat Discovery Appliance exists due to an incorrect restriction on the path name to the restricted catalog during the processing of the sessionid parameter from the cookie file. Exploiting this vulnerability allows a maliciou...
CVE-2016-7552
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a sessionid cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS...
rm.racecondition
Synopsis: If root ever does "rm -rf /tmp/foo" for a directory structure not completely owned by root, a local user can delete all files that root can. Such deletions are common for a /tmp cleanup and b before creating a specific directory in /tmp/. Details: "rm -r" implementations Solaris 7, Gnu...