117 matches found
CVE-2024-45676
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction...
CVE-2024-45676 IBM Cognos Controller file upload
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction...
CVE-2024-45676
CVE-2024-45676 affects IBM Cognos Controller 11.0.0–11.0.1. The vulnerability is an authenticated-file-upload flaw caused by insufficient file-type distinction, allowing an authenticated user to upload insecure files. IBM notes remediation via IBM Cognos Controller 11.0.1 FP3 (and related cloud/d...
PT-2024-31723 · IBM · IBM Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 Description: The issue allows an authenticated user to upload insecure files due to insufficient file type distinction. Recommendations: For versions 11.0.0 through 11.0.1, consider...
IBM Cognos Controller security vulnerability
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. A file upload vulnerability exists in IBM Cognos...
CVE-2024-49506
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...
TSPlus 16.0.2.14 Insecure Permissions
Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v...
TSPlus 16.0.0.0 Insecure Permissions
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...
TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Vulnerability
Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v. 16.0.2.14 is an...
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Vulnerability
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v. 16.0.0.0 you can crea...
SUSE CVE-2003-0455
The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files...
SUSE CVE-2005-2672
pwmconfig in LMsensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file...
PT-2023-14802 · Apache · Apache James Server
Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.2 and prior versions Description: The issue allows an attacker with local access to access private user data in transit due to the usage of temporary files with insecure permissions by the Apache James server...
GHSA-6GRP-75PQ-C8CJ SaltStack has insecure /tmp file handling in salt/modules/chef.py
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp...
CVE-2021-21430
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
CVE-2012-5663
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam function to create insecure temporary files into a publicly-writable area (/tmp)...
CVE-2012-5663
The CVE-2012-5663 entry affects the isearch package (textproc/isearch) prior to version 1.47.01nb1. The root cause is the use of tempnam() to create temporary files in /tmp, a publicly-writable directory, leading to potential integrity concerns. Per the referenced data, the vulnerability has inte...
CVE-2014-1938
python-rply before 0.7.4 insecurely creates temporary files...