Lucene search
+L

122 matches found

redhatcve
redhatcve
added 2017/07/03 3:19 p.m.39 views

CVE-2017-7501

It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which coul...

7.8CVSS3AI score0.00392EPSS
Exploits0References1
openvas
openvas
added 2015/09/29 12:0 a.m.16 views

Gentoo Security Advisory GLSA 201310-17

Gentoo Linux Local Security Checks GLSA 201310-17 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

3.3CVSS5.1AI score0.00438EPSS
Exploits1References1
osv
osv
added 2015/08/26 7:59 p.m.2 views

DEBIAN-CVE-2015-4037

The slirpsmb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service instantiation failure by creating /tmp/qemu-smb.- files before the program...

1.9CVSS8AI score0.00372EPSS
Exploits0References1
nvd
nvd
added 2015/06/10 6:59 p.m.26 views

CVE-2014-8605

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...

5CVSS6.2AI score0.06926EPSS
Exploits2References2
cve
cve
added 2015/06/10 6:0 p.m.42 views

CVE-2014-8605

The CVE concerns the XCloner Backup and Restore plugin for WordPress (v3.1.1) and Joomla! (v3.5.1), where database backup files are stored under the web root with predictable names due to insufficient access control. This allows remote attackers to obtain sensitive information by directly request...

5CVSS6.3AI score0.06926EPSS
Exploits2References2Affected Software1
nvd
nvd
added 2014/12/02 4:59 p.m.14 views

CVE-2014-8874

The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...

5CVSS6AI score0.0148EPSS
Exploits3References3
prion
prion
added 2014/12/02 4:59 p.m.15 views

Design/Logic Flaw

The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...

5CVSS6.5AI score0.0148EPSS
Exploits3References3Affected Software1
cvelist
cvelist
added 2014/12/02 4:0 p.m.22 views

CVE-2014-8874

The kequestionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...

6AI score0.0148EPSS
Exploits3References3
cve
cve
added 2014/12/02 4:0 p.m.50 views

CVE-2014-8874

The CVE-2014-8874 entry relates to the TYPO3 extension ke_questionnaire (versions 2.5.2 and earlier). The vulnerability arises from predictable, easily guessable filenames for questionnaire answer files stored in publicly accessible locations, enabling remote attackers to disclose sensitive infor...

5CVSS6.2AI score0.0148EPSS
Exploits3References3Affected Software1
seebug
seebug
added 2014/07/01 12:0 a.m.13 views

Cscope 13.0/15.x Insecure Temporary File Creation Vulnerabilities (1)

No description provided by source. source: http://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary...

7.1AI score
Exploits0
debiancve
debiancve
added 2014/06/10 2:0 p.m.29 views

CVE-2009-5023

The 1 dshield.conf, 2 mail-buffered.conf, 3 mynetwatchman.conf, and 4 mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt...

4.7CVSS6.2AI score0.0034EPSS
Exploits0
nvd
nvd
added 2014/04/23 3:55 p.m.21 views

CVE-2014-2893

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names...

1.9CVSS5.9AI score0.00407EPSS
Exploits0References4
osv
osv
added 2014/04/22 2:23 p.m.11 views

CVE-2013-4472

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

6.5AI score
Exploits0References4
prion
prion
added 2014/04/22 2:23 p.m.13 views

Design/Logic Flaw

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

3.3CVSS6.8AI score0.00367EPSS
Exploits0References4Affected Software1
gentoo
gentoo
added 2013/10/28 12:0 a.m.26 views

pmake: Insecure temporary file usage

Background pmake is Debian’s version of NetBSD’s make, a tool to build programs in parallel. Description /usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary files insecurely, with predictable names /tmp/dependPID, and without using $TMPDIR. Impact The make include files allow...

3.3CVSS6.3AI score0.00438EPSS
Exploits1
nessus
nessus
added 2013/05/24 12:0 a.m.34 views

FreeBSD : RT -- multiple vulnerabilities (3a429192-c36a-11e2-97a9-6805ca0b3d42)

Thomas Sibley reports : We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities...

6.8CVSS7.6AI score0.02428EPSS
Exploits0References12
nessus
nessus
added 2013/04/08 12:0 a.m.99 views

PostgreSQL 8.4 < 8.4.17 / 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.17, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.9, or 9.2.x prior to 9.2.4. It therefore is potentially affected by multiple vulnerabilities : - Enterprise DB's installers for Linux and Mac OS X create a directory and file...

10CVSS8.2AI score0.02206EPSS
Exploits1References7
nvd
nvd
added 2012/11/18 11:55 p.m.24 views

CVE-2012-4417

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

3.6CVSS6.1AI score0.00336EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2012/11/18 11:55 p.m.31 views

CVE-2012-4417

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

3.6CVSS5.9AI score0.00336EPSS
Exploits0References2
prion
prion
added 2012/11/18 11:55 p.m.25 views

Code injection

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

3.6CVSS6.4AI score0.00336EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder