703 matches found
eix: Insecure temporary file creation
Background: eix is a small utility for searching ebuilds with indexing for fast results. Description: Eric Romang discovered that eix creates a temporary file with a predictable name. eix creates a temporary file in /tmp/eix..sync where is the process ID of the shell running eix. Impact: A local...
MacOS X malloc() privilege escalation
With MallocLogFile it's possible to overwrite any system file with an application that uses the malloc function...
BOA Web server directory traversal
Directory traversal using ESC sequences /2E2E/ allows access to any system file...
StrongHold < 3.0 build 3015 System File Disclosure
Binary data 1473.prm...
[Full-Disclosure] OSX Panther Internet Connect Vulnerability.
Apple OSX Panther Internet Connect - Local root Vulnerability. ============================================================== Date: 25.07.2004 Author: B-r00t. 2004. Email: B-r00t [email protected] Vendor: Apple Operating System: OSX Panther Possibly Previous Versions. Application: Internet...
Sun Management Console information leak
Because of a directory traversal bug, it's possible to check the existence of any system file...
Fools Workshop Owls Workshop 1.0 - newmultiplechoice.php Arbitrary File Access
source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI...
Fools Workshop Owls Workshop 1.0 - glossariesindex.php?File Arbitrary File Access
source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI...
dcam webcam server personal Web server 8.2.5 - Directory Traversal
source: https://www.securityfocus.com/bid/9273/info It has been reported that the Personal Web Server of DCAM WebCam Server may be prone to a directory traversal vulnerability that may allow a remote attacker to traverse outside the server root directory by using '.' character sequences. DCAM...
Sitebuilder 1.4 - sitebuilder.cgi Directory Traversal
source: https://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing ...
Interbase 6.x - External Table File Verification
source: https://www.securityfocus.com/bid/7291/info A vulnerability has been reported for Interbase that may result in the corruption of arbitrary system files. The vulnerability exists due to insufficient checks performed when creating or...
Interbase 6.x - External Table File Verification
source: https://www.securityfocus.com/bid/7291/info A vulnerability has been reported for Interbase that may result in the corruption of arbitrary system files. The vulnerability exists due to insufficient checks performed when creating or manipulating external databases. create table test extern...
PHPNuke viewpage.php allows Remote File retrieving
viewpage.php is a part of PHPNuke. The Script allows an attacker to view all files on the System. Example: http://server.com/viewpage.php?file=/etc/passwd Zero X member of www.Lobnan.de...
TFTPD32 2.50 - Arbitrary File Download/Upload
source: https://www.securityfocus.com/bid/6198/info A vulnerability has been discovered in Tftpd32 which allows a remote attacker to download and upload arbitrary system files. The ability to upload system files may allow an attacker to replace key...
TFTPD32 2.50 - Arbitrary File Download/Upload
source: https://www.securityfocus.com/bid/6198/info A vulnerability has been discovered in Tftpd32 which allows a remote attacker to download and upload arbitrary system files. The ability to upload system files may allow an attacker to replace key system files with trojaned copies, used to open...
Race condition in BRU Workstation 17.0
Backup / Restore Utility BRU ------------------------------ [email protected] - 04/09/02 About: - http://www.tolisgroup.com/ - "BRU Workstation 17.0 Backup & Restore Utility is a functionally-rich backup solution designed for commercial networked systems when the client/server capability o...
QNX RTOS 4.25 - monitor Arbitrary File Modification
source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line option may be used by a local attack...
Symbolic links in apmd on RH (symbolic links)
Symbolic links in the /etc/sysconfig/apm-scripts/apmscript script allow a system file to be deleted...
Security Bulletin MS01-051
---------------------------------------------------------------------- Title: Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone Date: 10 October 2001 Software: Internet Explorer Impact: Three vulnerabilities: - Cause web page to render a web page using inappropriate...
Problems in libutil/OpenSSH/login (unauthorized access)
When a client logs in, superuser privileges are not dropped while reading the parameters set in the user's .loginconf, which allows any system file to be read...