121 matches found
CVE-2006-7061
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks...
CVE-2006-7061
CVE-2006-7061 affects Scriptsez.net E-Dating System. The vulnerability stems from storing data files with predictable names under the web document root and insufficient access control, enabling remote attackers to read private messages and potentially leverage them for XSS. The connected document...
TORQUE: Insecure temporary file creation
Background: TORQUE is a resource manager providing control over batch jobs and distributed compute nodes. Description: TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems wi...
CVE-2005-2101
CVE-2005-2101 affects KDE kdeedu: specifically the langen2kvtml script in the kvoctrain component creates insecure temporary files in /tmp with predictable names, allowing a local attacker to overwrite arbitrary files. Multiple vendors/advisories (Debian DSA-818-1, Mandrake/MKSA-2005:159, SUSE, O...
CVE-2005-2101
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files...
CVE-2002-2001
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack...
DEBIAN-CVE-2005-0225
firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack...
DEBIAN-CVE-2005-0787
Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords...
Sun Java Plugin may create temporary files with predictable names
Overview: The Sun Java Plugin may allow remote users to create files with arbitrary content in a specific location. Description: From the Sun Java Plugin page: Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition (JRE), establishes a connection between popular...
DEBIAN-CVE-2004-0996
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack...
Cscope 13.015.x - Insecure Temporary File Creation (2)
Cscope 13.015.x - Insecure Temporary File Creation (2) // source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility...
Davfs2, lvm-user: Insecure tempfile handling
Background: Davfs2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. lvm-user is a package providing userland utilities for LVM (Logical Volume Management) 1.x features. Description: Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2...
gettext: Insecure temporary file handling
Background: gettext is a set of utilities for the GNU Translation Project which provides a set of tools and documentation to help produce multi-lingual messages in programs. Description: gettext insecurely creates temporary files in world-writeable directories with predictable names. Impact: A local...
osTicket STS 1.2 - Attachment Remote Command Execution
source: https://www.securityfocus.com/bid/10586/info osTicket is reported prone to a remote command execution vulnerability. The issue is reported to present itself because attachments submitted as a part of a support ticket request are stored with a predictable name in a known web accessible...
CVE-2003-1099
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack...
CVE-2003-0877
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory...
DEBIAN-CVE-2003-0596
FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time...
DEBIAN-CVE-2002-1395
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz...
PT-2001-1232 · Qpopper · Qpopper
Name of the Vulnerable Software and Affected Versions: qpopper (affected versions not specified). Description: The qpopper POP server creates lock files with predictable names. This allows local users to cause a denial of service for other users, resulting in a lack of mail access, by creating lock...
CVE-2000-0270
The CVE affects Emacs 20’s make-temp-name Lisp function, which creates temporary files with predictable names, enabling a symlink attack. This is described by CVE-2000-0270 in NVD; connected sources note the same vulnerability. The available documents do not specify a patch version or workaround....