5 matches found
PackageKit: race condition vulnerability leads to arbitrary package installation as root
A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...
[slackware-security] vim
New vim packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/vim-9.0.2063-i586-1slack15.0.txz: Upgraded. Fixed use-after-free security issue. Thanks to marav for the heads-up. For more information,...
SUSE CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in the 1 install-as attribute in the file element in package.xml 1.0 or the 2 as attribute in the install element in package.xm...
PHP PEAR <= 1.5.3 INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24111/info PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files. An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribute to create and overwrite fil...
PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite source: https://www.securityfocus.com/bid/24111/info PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files. An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribut...