Lucene search
+L

103 matches found

CNVD
CNVD
added 2016/01/11 12:0 a.m.5 views

Debian Insecure Temporary File Handling Vulnerability

Debian is a free operating system. Debian uses an insecure way of handling temporary files, allowing a local attacker to exploit the vulnerability to overwrite arbitrary user files...

5.5CVSS6.8AI score0.00336EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/21 12:0 a.m.5 views

OpenJDK Insecure Temporary File Handling Vulnerability

OpenJDK is the Java Platform, Standard Edition and related projects of the open source implementation of the collaborative platform . OpenJDK suffers from an insecure hsperfdata temporary file handling issue, the exploitation of which could allow an attacker to conduct a symbolic link attack to...

5.5CVSS8.6AI score0.00384EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/06/11 1:21 p.m.6 views

jar: directory traversal vulnerability

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...

5CVSS5.8AI score0.06717EPSS
Exploits1References4
CNVD
CNVD
added 2015/01/16 12:0 a.m.6 views

GNU Coreutils Insecure Temporary File Creation Vulnerability

The GNU Coreutils are the basic file, shell and text manipulation tools used by the GNU operating system. An insecure temporary file creation vulnerability exists in GNU Coreutils that allows a local access attacker to potentially obtain sensitive information or perform a symbolic link attack to...

4.4CVSS6.5AI score0.00379EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2014/08/27 12:0 a.m.53 views

PHP 5.4.x < 5.4.32 Multiple Vulnerabilities

According to its banner, the remote web server is running a version of PHP 5.4.x prior to 5.4.32. It is, therefore, affected by the following vulnerabilities : - LibGD contains a NULL pointer dereference flaw in its 'gdImageCreateFromXpm' function in the 'gdxpm.c' file. By using a specially craft...

6.8CVSS7.7AI score0.22319EPSS
Exploits6References16
OSV
OSV
added 2014/06/17 3:55 p.m.1 views

DEBIAN-CVE-2014-4038

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to 1 rtaserrd/diagsupport.c and /tmp/getdtfiles, 2 scripts/ppc64diagmkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or 3 lpd/test/lpdelatest.sh and /var/tmp/ras...

4.4CVSS6.7AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2014/04/23 3:55 p.m.25 views

CVE-2014-2893

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names...

1.9CVSS5.9AI score0.00407EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2014/02/20 4:55 p.m.130 views

CVE-2013-4420

Multiple directory traversal vulnerabilities in the 1 tarextractglob and 2 tarextractall functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. dot dot in a crafted tar file...

5.8CVSS5.9AI score0.03277EPSS
Exploits0
OSV
OSV
added 2014/01/28 12:55 a.m.7 views

DEBIAN-CVE-2014-1640

axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...

3.3CVSS6.7AI score0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/01/28 12:0 a.m.29 views

CVE-2014-1624

Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...

6AI score0.00315EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2013/08/29 12:7 p.m.25 views

CVE-2013-5648

Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / slash or \ backslash in a DDOC file...

6.8CVSS5.9AI score0.02053EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2013/08/29 10:0 a.m.56 views

CVE-2013-5648

Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / slash or \ backslash in a DDOC file...

6.8CVSS6.5AI score0.02053EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2013/03/01 5:40 a.m.23 views

CVE-2013-0162

The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

2.1CVSS5.9AI score0.00343EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2013/02/13 1:55 a.m.35 views

CVE-2013-0265

The redirectstderr function in xnbdcommon.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log...

2.1CVSS6AI score0.00429EPSS
Exploits1References1
OSV
OSV
added 2012/08/26 9:55 p.m.3 views

DEBIAN-CVE-2012-2103

The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

1.2CVSS6.3AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2012/07/22 4:55 p.m.20 views

CVE-2012-3361

virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image...

5.5CVSS6.1AI score0.02582EPSS
Exploits1References11
Prion
Prion
added 2012/06/27 9:55 p.m.14 views

Cross site scripting

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...

3.6CVSS6.6AI score0.00504EPSS
Exploits2References11Affected Software1
UbuntuCve
UbuntuCve
added 2012/06/27 12:0 a.m.23 views

CVE-2012-2451

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...

3.6CVSS5.6AI score0.00504EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2012/01/10 12:0 a.m.25 views

OpenVAS Scanner Symlink Attack Local Privilege Escalation Vulnerability

This host is installed with OpenVAS Scanner and is prone to privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbopenvasscannerprevesclvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ OpenVAS Scanner Symlink Attack Local Privilege Escalation Vulnerability Authors: Antu Sanadi...

0.2AI score0.00398EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2011/06/30 3:55 p.m.33 views

CVE-2009-5081

The 1 config.guess, 2 contrib/groffer/perl/groffer.pl, and 3 contrib/groffer/perl/roff2.pl scripts in GNU troff aka groff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary fil...

3.3CVSS6.7AI score0.00295EPSS
Exploits0References1
Rows per page
Query Builder