23 matches found
EUVD-2004-2365
Malware in sbrugna...
Cross-site request forgery (CSRF)
The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...
CVE-2022-4023 3DPrint < 3.5.6.9 - CSRF to arbitrary file download
The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a...
Authentication flaw
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs containing Sensitive Information such as IP Addresses and Usernames...
PT-2021-16200 · WordPress · Simple Download Monitor
Name of the Vulnerable Software and Affected Versions: Simple Download Monitor WordPress plugin versions prior to 3.9.6 Description: The issue allows unauthenticated users to download and read logs containing sensitive information, such as IP addresses and usernames, due to the logs being saved i...
Race condition
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this...
CVE-2020-10174
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this...
CVE-2020-10174
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this...
CVE-2014-4651
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks...
Design/Logic Flaw
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks...
CVE-2014-4651
CVE-2014-4651 affects the jclouds scriptbuilder Statements class, which writes a temporary file to a predictable location. This could allow an attacker to access sensitive data, cause a denial of service, or perform other attacks. Public details include a high to critical impact (CVSS v2 base 7.5...
CVE-2014-4651
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks...
Design/Logic Flaw
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand unsafely, resulting in predictable database backup file locations...
CVE-2014-4651
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks...
Macromedia Flash Player 6.0.x Flash Cookie Predictable File Location Weakness
No description provided by source. source: http://www.securityfocus.com/bid/8900/info Macromedia Flash Player is reported to store Flash cookies (.sol files) in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable...
AOL Instant Messenger 4.x/5.x Buddy Icon Predictable File Location Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9698/info It has been reported that AOL Instant Messenger stores imported Buddy Icons in a predictable location on client systems that may allow an attacker to facilitate further attacks which could eventually lead to...
Updated python-suds package fixes security vulnerability
An insecure temporary directory use flaw was found in the way python-suds performed initialization of its internal file-based URL cache (predictable location was used for directory to store the cached files). A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to...
Printing issue can allow data leaks to other system users, or allow them to corrupt data
When pages are printed by Opera, a temporary file is created, which contains the document to print. This document is not created with the correct permissions, allowing other users of the system to read its contents. When printed with certain popular printing frameworks, an additional temporary fi...
CVE-2004-2373
Technical details beyond the public description are not provided in the supplied documents; monitor for updates for potential details on affected products, versions, root cause, and remediation.
CVE-2004-0502
CVE-2004-0502 affects Microsoft Outlook 2003. When replying to an email, Outlook 2003 stores certain files in a predictable location used as the src of an img tag in the original message. This behavior can allow remote attackers to bypass zone restrictions and potentially exploit other issues tha...