350 matches found
Mac OS X Systemic Insecure File Permissions
@stake, Inc. www.atstake.com Security Advisory Advisory Name: Systemic Insecure File Permissions Release Date: 10/28/2003 Application: Finder Many Platform: Mac OS X 10.2.8 and below Severity: High Author: Dave G. [email protected] Vendor Status: Vend...
CVE-2003-0606
sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files...
Low: Red Hat Security Advisory: Updated ddskk packages fix temporary file vulnerability
Updated ddskk packages which fix a temporary file security issue are now available. Daredevil SKK is a simple Kana to Kanji conversion program, an input method of Japanese for Emacs and XEmacs. ddskk does not take appropriate security precautions when creating temporary files. This bug could...
Important: Red Hat Security Advisory: Updated LPRng packages fix psbanner vulnerability
Updated LPRng packages for Red Hat Linux on IBM iSeries and pSeries systems resolve a temporary file vulnerability and an insecure default. LPRng is a print spooler. LPRng includes a program, psbanner, that can be used to produce Postscript banner pages to separate print jobs. A vulnerability has...
[SECURITY] [DSA-341-1] New liece packages fix insecure temporary file creation
Debian Security Advisory DSA 341-1 [email protected] http://www.debian.org/security/ Matt Zimmerman July 7th, 2003 http://www.debian.org/security/faq ...
[SECURITY] [DSA-325-1] New eldav packages fix insecure temporary file creation
Debian Security Advisory DSA 325-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 19th, 2003 http://www.debian.org/security/faq ...
Low: Red Hat Security Advisory: LPRng security update
Updated LPRng packages resolving a temporary file vulnerability are now available. LPRng is a print spooler. LPRng includes a program, psbanner, that can be used to produce Postscript banner pages to separate print jobs. A vulnerability has been found in psbanner, which creates in an insecure...
Low: Red Hat Security Advisory: Updated man packages fix minor vulnerability
Updated man packages fix a minor security vulnerability. The man package includes tools for finding and displaying online documentation. Versions of man before 1.51 have a bug where a malformed man file can cause a program named "unsafe" to be run. To exploit this vulnerability a local attacker...
Mike Bobbitt Album.PL 0.61 - Remote Command Execution
source: https://www.securityfocus.com/bid/7444/info A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used. The precise technical details of this...
CVE-2001-1383
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files...
My Guest Book (myGuestBk) Multiple Vulnerabilities
The remote web server is hosting myGuestBook. This installation comes with an administrative file in 'myguestBk/admin/index.asp' which lets any user delete old entries. In addition to this, this CGI is vulnerable to a cross-site-scripting attack.
Information leakage via key file duplication during nCipher import
generatekey utility creates temporary PEM file and fails to delete it...
Vendor Response to - eSafe gateway and Check Point FW-1 protection bypass
Dear Sirs, We would like to comment about a security alert published on your site. An alert regarding Aladdin eSafe Gateway for CVP was published by you: http://www.security.nnov.ru/search/news.asp?binid=2572 The alert was picked up from the original Russian submission without being verified with...
CVE-2002-1508
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests...
Microsoft Mediaplayer .ASX/.NSC/.ASF buffer overflow, .WMS code execution
Oversized tag in .asx file causes buffer overflows. Skins allow code execution on client side with .WMS files...
CVE-2002-0274
Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C configuration file and other command line arguments...
klprfax_filter symlink vulnerability
Hi, all! I'm sorry if this bug has been reported. klprfaxfilter, kdeutils-2.2-2, is an application to make a printer that acts as a fax. When using klprfaxfilter, it would create a temp file, /tmp/klprfax.filter, but the temporary file was not created safely; this vulnerability could be exploited to...
HP-UX setuid rlpdaemon induced to make illicit file writes
This may have gone AWOL before. If there was a reason for the moderator dropping it I'd be interested to know. G.B. THE PROBLEM /usr/sbin/rlpdaemon in HP-UX is setuid root. Switches include "-l" to enable logging and "-L /some/thing" to select a logfile other than the default. When run by a...
Format string bug in nqsd under Cray UniCOS
Format string bug in the batch file name...
Samba log file problem (directory traversal)
When log files are named after the NETBIOS names of computers, if the computer name contains ../, a file in a higher-level directory will be overwritten. A NETBIOS name can contain up to 15 characters...