16 matches found
CVE-2025-26169
CVE-2025-26169 affects IXON VPN Client for Windows prior to 1.4.4. The issue allows Local Privilege Escalation to SYSTEM due to code execution from a configuration file that can be controlled by a low-privileged user, with a race condition that lets a temporary config file in a world-writable dir...
CVE-2021-29948
Thunderbird prior to 78.10.0 is affected by CVE-2021-29948, where signatures are written to disk before verification and may be at risk of a race condition if a local attacker replaces the file. Impact includes potential signature forgery; remediation is to upgrade Thunderbird to 78.10.0 or newer...
CVE-2014-3701
eDeploy has tmp file race condition flaws...
GHSA-G982-9R8G-6QXW Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
There is a /tmp file race condition in chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 when creating /tmp/perlbrew-installer. If a malicious local user creates the file first they can overwrite the contents with their own code executing it as the ciborg...
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
There is a /tmp file race condition in chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 when creating /tmp/perlbrew-installer. If a malicious local user creates the file first they can overwrite the contents with their own code executing it as the ciborg...
openSUSE Security Update : python-imaging (openSUSE-SU-2014:0591-1)
A temporary file race condition has been fixed in python-imaging when converting images CVE-2014-1932, CVE-2014-1933. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-326. The tex...
Mandrake Linux Security Advisory : inn (MDKSA-2001:010)
WireX discovered a potential temporary file race condition in the inn program. This condition is due partly to the way inn is compiled and configured on some Linux distributions, including Linux-Mandrake, and partly due to the lack of information in the inn package detailing potential security...
Mandrake Linux Security Advisory : shadow-utils (MDKSA-2001:007)
WireX discovered a potential temporary file race condition in the useradd program contained in the shadow-utils package. The useradd program creates it's temporary files in the protected directory /etc/default, but if this directory is changed to world-writable, a problem could occur. This update...
Mandrake Linux Security Advisory : rdist (MDKSA-2001:005)
WireX discovered a potential temporary file race condition in the rdist program. This update corrects the problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandrake Linux Security Advisory MDKSA-2001:005. The...
Mandrake Linux Security Advisory : squid (MDKSA-2001:003)
WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. Usually this will only happen if you are running a development version of squid or if the clock on your system is incorrect. This probl...
openSUSE Security Update : sblim-sfcb (sblim-sfcb-505)
A tmp file race condition in the genSslCerts.sh helper script could be used by local attackers to gain root privileges. CVE-2009-0416 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Debian Security Advisory DSA 019-1 (squid)
The remote host is missing an update to squid announced via advisory DSA 019-1. OpenVAS Vulnerability Test $Id: deb0191.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 019-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
CVE-2002-1366
Common Unix Printing System CUPS 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream...
Remote exploit against xtelld and other fun
Release : 27/2/2002 Author : Spybreak [email protected] Software: xtell package Versions: 2.6.1, most of the vulnerabilities are present in all previous versions Problems: Remote execution of arbitrary code through several buffer overflows, information leakage, writing into arbitrary files with th...
RH 7.0 Crontab exploit - apparently fixed
/ Crontab tmp file race condition http://bugzilla.redhat.com/bugzilla/showbug.cgi?id=37771 Apparently this is fixed. Wonder why it still works. Local exploit Quick and dirty exploit for crontab insecure tmp files Redhat 7.0 - kept up2date with up2date Checked Tue Jun 26 00:15:32 NZST 2001...
Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - '/tmp' Symlink
source: https://www.securityfocus.com/bid/1201/info Netscape Communicator version 4.73 and prior may be susceptible to a /tmp file race condition when importing certificates. Netscape creates a /tmp file which is world readable and writable in /tmp, without calling stat or fstat on the file. As...