4 matches found
gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write...
Design/Logic Flaw
IBM Tivoli Application Dependency Discovery Manager TADDM 7.1.2.x before 7.2.1.5 and 7.2.x before 7.2.2.0 on Unix use weak permissions 755 for unspecified configuration and log files, which allows local users to obtain sensitive information by reading the files. IBM X-Force ID: 86176...
PT-2014-1424 · Php +7
Name of the Vulnerable Software and Affected Versions: File versions prior to 5.19; PHP versions prior to 5.4.30; PHP versions 5.5.x prior to 5.5.14. Description: The issue is related to the cdf_read_property_info function, which does not properly validate a stream offset. This allows remote attacke...
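APBoard 2.02 Unauthorized Internal Forum Information Disclosure Vulnerability
BUGTRAQ: 6330. Because the 'useraction.php' script does not correctly check user permission information, a remote attacker can exploit this vulnerability to read internal forum posts without authorization. By exploiting the incorrect permission check in the 'useraction.php' script, a remote attacker can make the script send internal forum posts directly to the mailbox the attacker registered with, resulting in unauthorized access to internal information. Affected: APBoard 2.02. Vendor patch: APP --- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.php-programming.info/...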