3356 matches found
webcache.pl
Proof-of-concept exploit for Oracle9iAS Web Cache/2.0.0.1.0 Creates the file c:\defcom.iyd By [email protected] C2001 Since we do not control the space after what ESP points to, I was lazy and did a direct buffer jump. So, if it does not work, try changing the return addressstart of buffer in me...
Samba NETBIOS Name Traversal Arbitrary Remote File Creation
The remote Samba server, according to its version number, allows creation of arbitrary remote files. This vulnerability allows an attacker to overwrite arbitrary files by supplying an arbitrarily formed NetBIOS machine name to this server, and to potentially become root on the remote server. An...
Security Bulletin MS01-051
---------------------------------------------------------------------- Title: Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone Date: 10 October 2001 Software: Internet Explorer Impact: Three vulnerabilities: - Cause web page to render a web page using inappropriate...
Slackware 7.07.18.0 - Manual Page Cache File Creation
Slackware 7.07.18.0 - Manual Page Cache File Creation // source: https://www.securityfocus.com/bid/3054/info Slackware Linux contains a configuration error that enables local users to create files in the directory used by the system manual pager 'man' for cache files. Due to the behaviour of the...
Slackware 7.0/7.1/8.0 - Manual Page Cache File Creation
// source: https://www.securityfocus.com/bid/3054/info Slackware Linux contains a configuration error that enables local users to create files in the directory used by the system manual pager 'man' for cache files. Due to the behaviour of the 'man' program, it may be possible for an attacker to...
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (2)
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation 2 source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image...
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (1)
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation 1 // source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image...
Проблема символьных линков в драйвере Samsung ML-85G (symbolic link)
При создании временного файла используется метка времени...
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (1)
// source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image output files. These files are created in /tmp with a guessable naming...
Samsung ml85p Printer Driver 1.0 - Insecure Temporary File Creation (2)
source: https://www.securityfocus.com/bid/3008/info ml85p is a Linux driver for Samsung ML-85G series printers. It may be bundled with distributions of Ghostscript. ml85p does not check for symbolic links when creating image output files. These files are created in /tmp with a guessable naming...
lmail local root exploit
lmail is vulnerable to an insecure mktemp race which allows a user to overwrite or create a files. Offending code lmail.c: define MAILTMPFILE "/tmp/rmXXXXXX" ... static char tempfname = MAILTMPFILE; ... if fseekstdin, 0L, 0 != 0 mailfile = fopenmktemptempfname, "w+"; ... Patch: s/mktemp/mkstemp/g...
Various shells create temporary files insecurely when using << operator
Overview sh uses /tmp files of a predictable name in creating files for input redirection using the operator. Description When performing the "" redirection, /bin/sh creates a temporary file in /tmp with a name based on the process id, writes subsequent input out to that file, and then closes the...
[SECURITY] [DSA-065-1] samba remote file append/creation problem
Package : samba Problem type : remote file append/creation Debian-specific: no Michal Zalewski discovered that samba does not properly validate NetBIOS names from remote machines. By itself that is not a problem, except if Samba is configure to write log-files to a file that includes the NetBIOS...
Samba 2.0.x2.2 - Arbitrary File Creation
Samba 2.0.x2.2 - Arbitrary File Creation source: https://www.securityfocus.com/bid/2928/info Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and...
Samba 2.0.x/2.2 - Arbitrary File Creation
source: https://www.securityfocus.com/bid/2928/info Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. A remote local user can...
CVE-2001-0403
/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI...
CVE-2001-0265
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file...
VMware symlink problems
Problem description ---------------------- There is symlink vulnerability in the vmware-mount.pl script which comes with lates VMware. 2. Details ---------- While mounting virtual disk drives using the vmware-mount.pl script, a temporary file named vmware-mount.pl.PID where PID is the current...
SuSE 7.0 - KFM Insecure .TMP File Creation
SuSE 7.0 - KFM Insecure .TMP File Creation source: https://www.securityfocus.com/bid/2629/info KFM is the KDE File Manager, included with version 1 of the KDE base package in most Linux installations. KFM is designed as a graphical, easily navigated interface to the Linux Filesystem. A problem wi...
SuSE 7.0 - KFM Insecure '.TMP' File Creation
source: https://www.securityfocus.com/bid/2629/info KFM is the KDE File Manager, included with version 1 of the KDE base package in most Linux installations. KFM is designed as a graphical, easily navigated interface to the Linux Filesystem. A problem with KFM could allow the overwriting of files...