security flaw

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452...

Low: Red Hat Security Advisory: perl security update

Updated Perl packages that fix security issues and contain several bug fixes are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system...

File absolute path to access that support non-８ ０ port-vulnerability warning-the black bar safety net

Get the current asp implementation file where the absolute path support with port absolute path to/end in solving some ofXMLdocuments called useful． Or applied to the thief program, the program is as follows //poweredBy Airzen //qq:3 9 1 9 2 1 7 0 //e mail:[email protected] //date:2004-12-03 //repo...

Fedora Core 3 : perl-5.8.5-14.FC3 (2005-600)

Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write...

Intruder Client 1.00 - Remote Command Execution Denial of Service

Intruder Client 1.00 - Remote Command Execution Denial of Service !/usr/bin/perl Intruder Command Execution DOS Exploit -------------------------------------- Infam0us Gr0up - Securiti Research ? Version: libwww-perl-5.76 + Connecting to 127.0.0.1.. + Connected + Backup for files..DONE + Build...

CVE-2002-1990

Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet...

FreeBSD : perl -- File::Path insecure file/directory permissions (c418d472-6bd1-11d9-93ca-000a95bc6fae)

Jeroen van Wolffelaar reports that the Perl module File::Path contains a race condition wherein traversed directories and files are temporarily made world-readable/writable. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVE-2005-1688

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in 1 wp-content/themes/, 2 wp-includes/, or 3 wp-admin/, which reveal the path in an error message...

CVE-2005-1616

viewforum.php in Ultimate PHP Board UPB 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid 1 id or possibly 2 postorder parameter, which reveals the path in an error message when a file can not be opened...

CVE-2005-1616

viewforum.php in Ultimate PHP Board UPB 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid 1 id or possibly 2 postorder parameter, which reveals the path in an error message when a file can not be opened...

DEBIAN-CVE-2005-0448

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452...

ARPUSCe - Local Overflow (setuid) (Perl)

ARPUSCe - Local Overflow setuid Perl !/usr/bin/perl -w Setuid ARPUS/ce exploit by KF - kflistsatdigitalmunitiondotcom - 4/21/05 Copyright Kevin Finisterre kfinisterre@threat:/tmp$ ./ceex.pl sh-2.05b id uid=0root gid=1000kfinisterre groups=20dialout,24cdrom,25floppy,29audio,44video,1000kfinisterre...

Debian DSA-696-1 : perl - design flaw

Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write...

DSA-696-1 perl - design flaw

Bulletin has no description...

USN-94-1: Perl vulnerability

Paul Szabo discovered another vulnerability in the rmtree function in File::Path.pm. While a process running as root or another user was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had...

security flaw

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...

security flaw

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...

CVE-2004-1064

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute...

CVE-2004-1064

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute...

CVE-2004-0452

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...