80 matches found
CVE-2014-2906
The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...
CVE-2014-3856
The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...
FlexAir Access Control 2.3.35 - Authentication Bypass
Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 2.3.35 Tested on: NA...
FlexAir Access Control 2.3.35 - Authentication Bypass Exploit
Exploit for hardware platform in category web applications Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name
!/usr/bin/env python -- coding: utf8 -- Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name Exploit Authentication Bypass Login with MD5 hash CVE: CVE-2019-7666, CVE-2019-7667 Advisory: https://applied-risk.com/resources/ar-2019-007 Paper:...
Remote Code Execution (RCE)
Bundler is vulnerable to remote code execution RCE. The attack is possible because a world writable temporary directory with predictable name tmp/: is created by tmphomepath when there is no writable home directory, allowing a remote attacker to create a directory and to write malicious libraries...
CVE-2019-7667
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...
Privilege Escalation
glusterfs is vulnerable to privilege escalation. It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the...
Unauthorized File Creation
Nagios is vulnerable to symbolic link attack. Due to the flaw in nagios.upgradetov3.sh, it is possible for a local user to create a temporary nagioscfg file with a predictable name in /tmp/.Per: http://rhn.redhat.com/errata/RHSA-2013-1526.html...
Denial Of Service (DoS) Or Escalation Of Privileges
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service prevent application start or gain privileges by pre-creating a temporary config file in a directory with a predictable name in /tmp/ before it is used by the gem...
lighttpd < 1.4.28 Insecure Temporary File Creation
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.28. Therefore, it may be, affected by the following vulnerability : - The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a...
lighttpd < 1.4.28 Insecure Temporary File Creation
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.28. Therefore, it may be, affected by the following vulnerability : - The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a...
Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2015-5287
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump...
Code injection
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp...
CVE-2014-8994
The checkdiskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name tmp/checkdiskiostatus--...
Design/Logic Flaw
The 1 shellexec function in lib/util/MiqSshUtilV1.rb and 2 tempcmdfile function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name...
osTicket STS 1.2 Attachment Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10586/info osTicket is reported prone to a remote command execution vulnerability. The issue is reported to present itself because attachments submitted as a part of a support ticket request are stored with a predictable...
Authentication flaw
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file...
Code injection
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...