121 matches found
Gentoo Security Advisory GLSA 201310-17
Gentoo Linux Local Security Checks GLSA 201310-17. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. if(description)...
DEBIAN-CVE-2015-4037
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program...
CVE-2014-8605
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...
CVE-2014-8605
The CVE concerns the XCloner Backup and Restore plugin for WordPress (v3.1.1) and Joomla! (v3.5.1), where database backup files are stored under the web root with predictable names due to insufficient access control. This allows remote attackers to obtain sensitive information by directly request...
CVE-2014-8874
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
Design/Logic Flaw
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
CVE-2014-8874
The CVE-2014-8874 entry relates to the TYPO3 extension ke_questionnaire (versions 2.5.2 and earlier). The vulnerability arises from predictable, easily guessable filenames for questionnaire answer files stored in publicly accessible locations, enabling remote attackers to disclose sensitive infor...
CVE-2014-8874
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
Cscope 13.0/15.x Insecure Temporary File Creation Vulnerabilities (1)
No description provided by source. source: http://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary...
CVE-2009-5023
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt...
CVE-2014-2893
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names...
CVE-2013-4472
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
Design/Logic Flaw
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
pmake: Insecure temporary file usage
Background: pmake is Debian’s version of NetBSD’s make, a tool to build programs in parallel. Description: /usr/share/mk/bsd.lib.mk and /usr/share/mk/bsd.prog.mk create temporary files insecurely, with predictable names /tmp/dependPID, and without using $TMPDIR. Impact: The make include files allow...
FreeBSD : RT -- multiple vulnerabilities (3a429192-c36a-11e2-97a9-6805ca0b3d42)
Thomas Sibley reports: We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities...
PostgreSQL 8.4 < 8.4.17 / 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.17, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.9, or 9.2.x prior to 9.2.4. It therefore is potentially affected by multiple vulnerabilities: - Enterprise DB's installers for Linux and Mac OS X create a directory and file...
Code injection
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
CVE-2012-4417
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
CVE-2012-4417
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
CVE-2012-4417
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...