Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...

CVE-2026-40973

The CVE-2026-40973 issue affects Spring Boot versions 4.x (4.0.0–4.0.5 with fix in 4.0.6), 3.5.x (3.5.0–3.5.13 with fix 3.5.14), 3.4.x (3.4.0–3.4.15 with fix 3.4.16), 3.3.x (3.3.0–3.3.18 with fix 3.3.19), and 2.7.x (2.7.0–2.7.32 with fix 2.7.33). The vulnerability stems from the ApplicationTemp m...

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File due to the ApplicationTemp mechanism creating a temporary directory using a predictable name. Because the name can be easily guessed, a local attacker on the same server can maliciously pre-create this directory...

EUVD-2003-0116

Malware in sbrugna...

Moderate: socat security update

The socat utility establishes bi-directional byte streams and transfers data between them. The utility can establish streams between a large set of channels, such as files, pipes, devices, and sockets. Security Fixes: socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 F...

CVE-2025-0218

CVE-2025-0218 affects pgAgent: when batch jobs run, a script is created in a temporary directory. In pgAgent versions before 4.2.3, the directory name is generated using an insufficiently seeded RNG, allowing a local attacker to pre-create the directory and disrupt job execution (DoS). Affected: ...

Updated socat packages fix security vulnerability

CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : socat (SUSE-SU-2024:4302-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:4302-1 advisory. - CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory bsc1225462 Tenable has...

SUSE-SU-2024:4302-1 Security update for socat

This update for socat fixes the following issues: - CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory bsc1225462...

CVE-2024-24828 Local Privilege Escalation in execuatables bundled by pkg

pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

CVE-2021-38606

reNgine through 0.5 relies on a predictable directory name...

Directory traversal

reNgine through 0.5 relies on a predictable directory name...

PT-2021-22240 · Rengine · Rengine

Name of the Vulnerable Software and Affected Versions: reNgine versions 0.5 and earlier Description: The issue is related to reNgine relying on a predictable directory name. Recommendations: For versions 0.5 and earlier, consider renaming or randomizing directory names to mitigate the risk of...

reNgine 安全特征问题漏洞

reNgine is an automated reconnaissance framework for gathering information during penetration testing of web applications. A security vulnerability exists in reNgine version 0.5 and earlier versions that stems from reNgine's reliance on predictable directory names...

SUSE: Security Advisory (SUSE-SU-2015:1519-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Format string

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 20200..10..20..30..9 format, guessing UNIX...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:1519-1)

qemu was updated to fix two security issues and augments one non-security bug fix. The following vulnerabilities were fixed : - CVE-2015-3209: heap overflow in qemu pcnet controller allowing guest to host escape XSA-135 bsc932770 - CVE-2015-4037: Avoid predictable directory name for smb config...

CVE-2014-2042

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory ...

CVE-2013-2119

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service prevent application start or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem...

DEBIAN-CVE-2011-5060

The parmktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different...