Lucene search
K

624 matches found

Ubuntu
Ubuntu
added 2005/01/19 2:5 a.m.66 views

USN-63-1: MySQL client vulnerability

Javier Fernández-Sanguino Peña noticed that the "mysqlaccess" program created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program...

4.6CVSS7AI score0.00594EPSS
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.19 views

CVE-2004-1901

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles...

5.5CVSS5.4AI score0.00366EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2004/12/31 12:0 a.m.4 views

PT-2004-2799 · Gentoo · Portage

Name of the Vulnerable Software and Affected Versions: Portage versions prior to 2.0.50-r3 Description: The issue allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. This is a result of a hard link attack vulnerability in the lockfiles of Portage...

5.5CVSS7AI score0.00366EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2004/12/23 10:9 p.m.29 views

USN-51-1: teTeX auxiliary script vulnerability

Javier Fernández-Sanguino Peña noticed that "xdvizilla", an auxiliary script to integrate DVI file viewing in Mozilla-based browsers, created temporary files and directories in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges o...

5.4AI score
Exploits0References1
Exploit DB
Exploit DB
added 2004/11/17 12:0 a.m.27 views

Cscope 13.0/15.x - Insecure Temporary File Creation (2)

// source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary files in the system's temporar...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/11/17 12:0 a.m.20 views

Cscope 13.015.x - Insecure Temporary File Creation (1)

Cscope 13.015.x - Insecure Temporary File Creation 1 source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedl...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/09/27 12:0 a.m.21 views

Local root compromise possible with getmail

The following vulnerabilities apply to all releases of getmail prior to 3.2.5, and all version 4 releases prior to 4.2.0. They do not apply where getmail is run as an unprivileged user, or where an unprivileged external MDA is used for the final delivery of mail. They are not exploitable remotely...

1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/23 12:0 a.m.26 views

Mandrake Linux Security Advisory : webmin (MDKSA-2004:101)

A vulnerability in webmin was discovered by Ludwig Nussel. A temporary directory was used in webmin, however it did not check for the previous owner of the directory. This could allow an attacker to create the directory and place dangerous symbolic links inside. The updated packages are patched t...

2.1CVSS5.5AI score0.00362EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2004/09/17 12:0 a.m.33 views

MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation

source: https://www.securityfocus.com/bid/11212/info RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A local attacker may exploit this vulnerability to execute...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.18 views

GLSA-200404-01 : Insecure sandbox temporary lockfile vulnerabilities in Portage

The remote host is affected by the vulnerability described in GLSA-200404-01 Insecure sandbox temporary lockfile vulnerabilities in Portage A flaw in Portage's sandbox wrapper has been found where the temporary lockfiles are subject to a hard-link attack which allows linkable files to be...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.17 views

GLSA-200404-08 : GNU Automake symbolic link vulnerability

The remote host is affected by the vulnerability described in GLSA-200404-08 GNU Automake symbolic link vulnerability Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or escalate their privileges. This is due to the insecure way Automake creates...

5.6AI score
Exploits0References1
Gentoo Linux
Gentoo Linux
added 2004/05/25 12:0 a.m.27 views

Insecure Temporary File Creation In MySQL

Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description The MySQL bug reporting utility mysqlbug creates a temporary file to log bug reports to. A malicious local user with write access to the /tmp directory could create a symbolic link of the name...

2.1CVSS6.5AI score0.00604EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/08 12:0 a.m.12 views

GNU Automake symbolic link vulnerability

Background Automake is a tool for automatically generating Makefile.in' files which is often used in conjuction with Autoconf and other GNU Autotools to ease portability among applications. It also provides a standardized and light way of writing complex Makefiles through the use of many built-in...

2.7AI score
Exploits0
exploitpack
exploitpack
added 2004/04/07 12:0 a.m.9 views

AzDGDatingLite 2.1.1 - index.php?language Cross-Site Scripting

AzDGDatingLite 2.1.1 - index.php?language Cross-Site Scripting source: https://www.securityfocus.com/bid/10084/info Multiple cross-site scripting vulnerabilities have been reported in AzDGDatingLite. These issues may be exploited by enticing a victim user to visit a malicious link that includes...

6.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/04/04 12:0 a.m.20 views

Insecure sandbox temporary lockfile vulnerabilities in Portage

Background Portage is Gentoo's package management system which is responsible for installing, compiling and updating any ebuilds on the system through the Gentoo rsync tree. Under default configurations, most ebuilds run under a sandbox which prevent the build process writing to the "real" system...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2004/02/17 12:0 a.m.14 views

Microsoft Windows XP - Help and Support Center Interface Spoofing

Microsoft Windows XP - Help and Support Center Interface Spoofing source: https://www.securityfocus.com/bid/9685/info A weakness has been alleged in Microsoft Windows XP that could reportedly allow aspects of the Help and Support Center interface to be spoofed via a malicious link. By spoofing th...

7.4AI score
Exploits0
NVD
NVD
added 2003/12/31 5:0 a.m.13 views

CVE-2003-1155

X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file...

4.6CVSS6.3AI score0.00346EPSS
Exploits0References6
NVD
NVD
added 2003/12/31 5:0 a.m.16 views

CVE-2003-1366

chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information...

3.3CVSS6.2AI score0.00497EPSS
Exploits0References6
exploitpack
exploitpack
added 2003/10/27 12:0 a.m.12 views

Musicqueue 1.2 - SIGSEGV Signal Handler Insecure File Creation

Musicqueue 1.2 - SIGSEGV Signal Handler Insecure File Creation // source: https://www.securityfocus.com/bid/8899/info A vulnerability has been reported for Musicqueue. The problem specifically occurs within a signal handling procedure used invoked when a segmentation violation occurs. The procedu...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/10/27 12:0 a.m.22 views

Musicqueue 1.2 - SIGSEGV Signal Handler Insecure File Creation

// source: https://www.securityfocus.com/bid/8899/info A vulnerability has been reported for Musicqueue. The problem specifically occurs within a signal handling procedure used invoked when a segmentation violation occurs. The procedure invokes a library function, passing it the name of a...

7.4AI score
Exploits0
Rows per page
Query Builder