23 matches found
CVE-1999-0961
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation...
EUVD-1999-0942
Malware in sbrugna...
EUVD-1999-1303
Malware in sbrugna...
EUVD-2023-52369
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.60 security and extras update
Red Hat OpenShift Container Platform release 4.13.60 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of...
Vulnerability when creating log files in github.com/golang/glog
...
DEBIAN-CVE-2023-31493
RCE Remote Code Execution exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...
UBUNTU-CVE-2023-31493
RCE Remote Code Execution exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...
CVE-2023-48310
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name and even without. A log file is created at...
TestingPlatform Input Validation Error Vulnerability
TestingPlatform is @NC3-LU's standardized testing platform for Internet security. TestingPlatform version 2.1.0 suffers from an input validation error vulnerability that stems from not properly filtering user input, which can be exploited by an attacker to create a log file in a specified locatio...
NVIDIA GeForce Experience Security Vulnerability
Nvidia NVIDIA GeForce Experience is a suite of automatic graphics card update tools from Nvidia. The product is capable of automatically updating graphics card drivers and supports graphics card performance management and optimization, among other things. A security vulnerability exists in NVIDIA...
Citrix RDSWatcher
Description RDSWatcher is an advanced Remote Desktop Services session state monitor and logger. It watches all sessions on any Windows machine and logs all session state changes with time stamp as accurately as twice a second. RDSWatcher provides the connection status of current sessions and is...
USN-3081-2 tomcat6 vulnerability
Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges...
Scientific Linux Security Update : keycloak-httpd-client-install on SL7.x x86_64 (20190806)
Security Fixes : - keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloakcli.py CVE-2017-15111 - keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line CVE-2017-15112 (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linu...
CVE-2016-6664
A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root...
Apache Tomcat Security Bypass Vulnerability (CNVD-2016-08082)
Apache Tomcat is a lightweight Web application server; it is mainly used for the development and debugging of JSP programs for small and medium-sized systems. Apache Tomcat fails to properly create log files when processing initialization scripts, allowing remote attackers to exploit the...
Ogaki Kyoritsu bank Smartphone Passbook for Android Information Disclosure Vulnerability
Ogaki Kyoritsu bank Smartphone Passbook is a suite of mobile banking passbook applications from Ogaki Kyoritsu Bank Corporation in Japan. Ogaki Kyoritsu bank Smartphone Passbook fails to securely create log files containing sensitive data, allowing an attacker to exploit vulnerabilities to obtain...
CVE-2006-4396
The Apple Type Services ATS server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack...
WebWizXSS.txt
Bug : XSS in Web Wiz Forums cookie stealing Bug founded by : [email protected] Comment : I found this bug in +- 1 hour after some bitch asked me to help him, but he haven't do shit LOL Greets to : HaCkZaTaN, Johnnie Walker, Morinex, j0ker, Woopie, siLgi, bcuzZ. Big Fuck to : cobradrive, 0x1fe er...
ssmtp symbolic links problem
Log file is created in /tmp without checking for symlinks...