Lucene search
K

80 matches found

Cvelist
Cvelist
added 2020/01/28 3:35 p.m.23 views

CVE-2014-2906

The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...

8.2AI score0.00314EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/01/28 3:30 p.m.21 views

CVE-2014-3856

The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...

7.9AI score0.0029EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2019/11/12 12:0 a.m.194 views

FlexAir Access Control 2.3.35 - Authentication Bypass

Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 2.3.35 Tested on: NA...

9.8CVSS9.5AI score0.1482EPSS
Exploits6
0day.today
0day.today
added 2019/11/12 12:0 a.m.112 views

FlexAir Access Control 2.3.35 - Authentication Bypass Exploit

Exploit for hardware platform in category web applications Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...

6.5CVSS0.1482EPSS
Exploits6
Packet Storm
Packet Storm
added 2019/11/12 12:0 a.m.140 views

Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name

!/usr/bin/env python -- coding: utf8 -- Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name Exploit Authentication Bypass Login with MD5 hash CVE: CVE-2019-7666, CVE-2019-7667 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper:...

6.5CVSS9.3AI score0.1482EPSS
Exploits6
Veracode
Veracode
added 2019/07/31 9:46 a.m.29 views

Remote Code Execution (RCE)

Bundler is vulnerable to remote code execution RCE. The attack is possible because a world writable temporary directory with predictable name tmp/: is created by tmphomepath when there is no writable home directory, allowing a remote attacker to create a directory and to write malicious libraries...

7.8CVSS3.8AI score0.00529EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/07/01 6:22 p.m.36 views

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

9.7AI score0.04497EPSS
Exploits5References4
Veracode
Veracode
added 2019/01/15 9:16 a.m.17 views

Privilege Escalation

glusterfs is vulnerable to privilege escalation. It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the...

7.8CVSS7.4AI score0.00457EPSS
Exploits0References19Affected Software3
Veracode
Veracode
added 2019/01/15 9:1 a.m.25 views

Unauthorized File Creation

Nagios is vulnerable to symbolic link attack. Due to the flaw in nagios.upgradetov3.sh, it is possible for a local user to create a temporary nagioscfg file with a predictable name in /tmp/.Per: http://rhn.redhat.com/errata/RHSA-2013-1526.html...

6.3CVSS5.8AI score0.00354EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2019/01/15 8:57 a.m.24 views

Denial Of Service (DoS) Or Escalation Of Privileges

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service prevent application start or gain privileges by pre-creating a temporary config file in a directory with a predictable name in /tmp/ before it is used by the gem...

4.6CVSS6AI score0.004EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.273 views

lighttpd < 1.4.28 Insecure Temporary File Creation

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.28. Therefore, it may be, affected by the following vulnerability : - The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a...

1.9CVSS7.1AI score0.00349EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/02/06 12:0 a.m.67 views

lighttpd < 1.4.28 Insecure Temporary File Creation

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.28. Therefore, it may be, affected by the following vulnerability : - The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a...

1.9CVSS5.5AI score0.00349EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2017/03/23 5:6 a.m.45 views

Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update

An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.5AI score0.00457EPSS
Exploits0References12
NVD
NVD
added 2015/12/07 6:59 p.m.19 views

CVE-2015-5287

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump...

6.9CVSS6.3AI score0.03268EPSS
Exploits17References8
Prion
Prion
added 2015/12/07 6:59 p.m.17 views

Code injection

The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp...

3.6CVSS6.7AI score0.00901EPSS
Exploits5References7Affected Software5
NVD
NVD
added 2014/11/28 3:59 p.m.15 views

CVE-2014-8994

The checkdiskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name tmp/checkdiskiostatus--...

3.6CVSS6.5AI score0.00329EPSS
Exploits0References4
Prion
Prion
added 2014/07/07 2:55 p.m.31 views

Design/Logic Flaw

The 1 shellexec function in lib/util/MiqSshUtilV1.rb and 2 tempcmdfile function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name...

6.9CVSS7.5AI score0.00354EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.47 views

osTicket STS 1.2 Attachment Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10586/info osTicket is reported prone to a remote command execution vulnerability. The issue is reported to present itself because attachments submitted as a part of a support ticket request are stored with a predictable...

7.1AI score
Exploits0
Prion
Prion
added 2014/04/15 11:13 p.m.13 views

Authentication flaw

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file...

5CVSS7AI score0.02088EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2014/03/03 4:55 p.m.12 views

Code injection

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

2.1CVSS6.5AI score0.00482EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder