350 matches found

Cvelist
added 2005/02/19 5:00 a.m., 21 views

CVE-2005-0480

Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file...

AI score: 5.7 | EPSS: 0.01242
Exploits: 1 | References: 3
exploitpack
added 2005/02/16 12:00 a.m., 29 views

AWStats 5.x/6.x - Logfile Remote Command Execution

Source: https://www.securityfocus.com/bid/12572/info. AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data. Specifically, the...

Exploits: 0
NVD
added 2005/01/10 5:00 a.m., 14 views

CVE-2004-1254

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow...

CVSS: 10 | AI score: 8.2 | EPSS: 0.10354
Exploits: 0 | References: 2
Packet Storm
added 2004/11/20 12:00 a.m., 27 views

advRX181104.txt

REXOTECdotCOM - ADV RX171104 - Cscope :: Race condition on temporary file. INFORMATION: VulnDiscovery: 2003/05/21; Release Date: 2004/11/17; Author: Gangstuck / Psirac; Application: Cscope; Affecte...

AI score: 7.4
Exploits: 0
securityvulns
added 2004/11/18 12:00 a.m., 37 views

RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.

REXOTECdotCOM - ADV RX171104 - Cscope :: Race condition on temporary file. INFORMATION: VulnDiscovery: 2003/05/21; Release Date: 2004/11/17; Author: Gangstuck / Psirac [email protected]...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2004/11/10 12:00 a.m., 19 views

Debian DSA-575-1 : catdoc - insecure temporary file

A temporary file problem has been discovered in xlsview from the catdoc suite, convertors from Word to TeX and plain text, which could lead to local users being able to overwrite arbitrary files via a symlink attack on predictable temporary file names...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00342
Exploits: 0 | References: 3
OSV
added 2004/10/28 12:00 a.m., 18 views

DSA-575-1 catdoc - insecure temporary file

Bulletin has no description...

CVSS: 2.1 | AI score: 6.2 | EPSS: 0.00342
Exploits: 0
Gentoo Linux
added 2004/10/20 12:00 a.m., 34 views

Ghostscript: Insecure temporary file use in multiple scripts

Background: Ghostscript is a software package providing an interpreter for the PostScript language and the PDF file format. It also provides output drivers for various file formats and printers. Description: The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeabl...

CVSS: 7.2 | AI score: 6.1 | EPSS: 0.00474
Exploits: 0
securityvulns
added 2004/10/04 12:00 a.m., 28 views

[Full-Disclosure] [FLSA-2004:1372] Updated sysstat packages fix security vulnerabilities

Fedora Legacy Update Advisory. Synopsis: Updated sysstat packages fix security vulnerabilities; Advisory ID: FLSA:1372; Issue date: 2004-10-03; Product: Red Hat Linux; Keywords: Bugfix; Cross references:...

CVSS: 4.6 | AI score: 6 | EPSS: 0.00392
Exploits: 0
Tenable Nessus
added 2004/09/29 12:00 a.m., 17 views

Debian DSA-256-1 : mhc - insecure temporary file

A problem has been discovered in adb2mhc from the mhc-utils package. The default temporary directory uses a predictable name. This adds a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for...

CVSS: 1.2 | AI score: 5.3 | EPSS: 0.00303
Exploits: 0 | References: 2
Tenable Nessus
added 2004/09/29 12:00 a.m., 28 views

Debian DSA-339-1 : semi - insecure temporary file

NOTE: due to a combination of administrative problems, this advisory was erroneously released with the identifier 'DSA-337-1'. DSA-337-1 correctly refers to an earlier advisory regarding gtksee. semi, a MIME library for GNU Emacs, does not take appropriate security precautions when creating...

CVSS: 4.6 | AI score: 5.6 | EPSS: 0.00392
Exploits: 0 | References: 2
OSV
added 2004/09/16 4:00 a.m., 1 view

CVE-2004-1689

sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit...

AI score: 6.5
Exploits: 0 | References: 18
RedHat Linux
added 2004/09/15 3:40 p.m., 17 views

Moderate: Red Hat Security Advisory: openoffice.org security update

Updated openoffice.org packages that fix a security issue in temporary file handling are now available. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Secunia...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.00559
Exploits: 1 | References: 3
Debian CVE
added 2004/09/01 4:00 a.m., 18 views

CVE-2003-0924

netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files...

CVSS: 3.7 | AI score: 6.2 | EPSS: 0.00413
Exploits: 0
Tenable Nessus
added 2004/08/30 12:00 a.m., 28 views

GLSA-200405-03 : ClamAV VirusEvent parameter vulnerability

The remote host is affected by the vulnerability described in GLSA-200405-03 (ClamAV VirusEvent parameter vulnerability). The VirusEvent parameter in the clamav.conf configuration file allows to specify a system command to run whenever a virus is found. This system command can make use of the '%f'...

CVSS: 4.6 | AI score: 5.9 | EPSS: 0.00585
Exploits: 1 | References: 3
Tenable Nessus
added 2004/07/31 12:00 a.m., 39 views

Mandrake Linux Security Advisory : mc (MDKSA-2004:039)

Several vulnerabilities in Midnight Commander were found by Jacub Jelinek. This includes several buffer overflows (CVE-2004-0226), as well as a format string issue (CVE-2004-0232), and an issue with temporary file and directory creation (CVE-2004-0231). Most of the included fixes are backports from CVS...

CVSS: 10 | AI score: 5.6 | EPSS: 0.03936
Exploits: 0 | References: 3
Tenable Nessus
added 2004/07/31 12:00 a.m., 70 views

Mandrake Linux Security Advisory : samba (MDKSA-2001:040-1)

A vulnerability found by Marcus Meissner exists in Samba where it was not creating temporary files safely which could allow local users to overwrite files that they may not have access to. This happens when a remote user queried a printer queue and samba would create a temporary file in which the...

CVSS: 2.1 | AI score: 5.6 | EPSS: 0.01139
Exploits: 0 | References: 1
FreeBSD
added 2004/06/29 12:00 a.m., 11 views

Remote code injection in phpMyAdmin

This vulnerability would allow a remote user to inject PHP code to be executed by the eval function. This vulnerability is only exploitable if the variable $cfg['LeftFrameLight'] is set to FALSE in the file config.inc.php...

AI score: 3.8
Exploits: 0 | References: 4
Gentoo Linux
added 2004/05/25 12:00 a.m., 26 views

Insecure Temporary File Creation In MySQL

Background: MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description: The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name...

CVSS: 2.1 | AI score: 6.5 | EPSS: 0.00604
Exploits: 0
Debian
added 2004/04/04 5:20 a.m., 75 views

[SECURITY] [DSA 460-2] New sysstat packages fix insecure temporary file creation

Debian Security Advisory DSA 460-2 | [email protected] | http://www.debian.org/security/ | Matt Zimmerman | April 3rd, 2004 | http://www.debian.org/security/faq ...

CVSS: 4.6 | AI score: 5.8 | EPSS: 0.0036
Exploits: 0