Lucene search
K

181 matches found

RedHat Linux
RedHat Linux
added 2014/09/23 8:19 p.m.5 views

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

4.4CVSS5.8AI score0.00594EPSS
Exploits1References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Microsoft Outlook 2003 Predictable File Location Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10307/info Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known and potential Internet Explorer...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2014/06/17 12:0 a.m.57 views

[oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure

Good morning, http://seclists.org/fulldisclosure/2014/Jun/21 reports two temporary file issues. The first is in PHP's configure script: char filename = "/tmp/phpglibccheck"; Red Hat bug: https://bugzilla.redhat.com/showbug.cgi?id=1104978 The second issue is Lynis writing a predictable file to...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.22 views

openSUSE Security Update : gnash (openSUSE-SU-2012:0369-1)

gnash used predictable and world readable temporary file names to store HTTP cookies %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-164. The text description of this plugin is C...

5CVSS5.2AI score0.0213EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/04/14 1:46 p.m.4 views

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

4.4CVSS5.8AI score0.00594EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2014/04/14 1:46 p.m.5 views

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

4.4CVSS5.8AI score0.00594EPSS
Exploits1References4
0day.today
0day.today
added 2014/03/26 12:0 a.m.23 views

Kemana Directory 1.5.6 Database Backup Disclosure Vulnerability

Kemana Directory version 1.5.6 suffers from a database backup disclosure vulnerability. ?php / Kemana Directory 1.5.6 Database Backup Disclosure Exploit Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2014/03/25 12:0 a.m.19 views

Kemana Directory 1.5.6 Database Backup Disclosure

$total return; ifempty$starttime $starttime=time; $n...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/03/25 12:0 a.m.29 views

Kemana Directory 1.5.6 - Database Backup Disclosure

$total return; ifempty$starttime $starttime=time; $now...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/03/25 12:0 a.m.26 views

Kemana Directory 1.5.6 Database Backup Disclosure Exploit

Summary Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique Kemana's features including: CMS engine based on our qEngine, multiple directories support, user friendly administration control panel, easy to use custom fields,...

5.7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2014/01/28 12:55 a.m.23 views

CVE-2014-1604

The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...

2.1CVSS5.9AI score0.00351EPSS
Exploits0References2
PyPA
PyPA
added 2014/01/28 12:55 a.m.7 views

PYSEC-2014-17

The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...

2.1CVSS6.6AI score0.00351EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2014/01/28 12:55 a.m.2 views

UBUNTU-CVE-2014-1604

The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...

2.1CVSS5.8AI score0.00351EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/01/15 5:45 p.m.4 views

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

4.4CVSS5.8AI score0.00594EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/12/04 5:58 p.m.36 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.0 update

Updated Red Hat JBoss Enterprise Application Platform 6.2.0 packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common...

5.5CVSS7AI score0.01809EPSS
Exploits1References46
RedHat Linux
RedHat Linux
added 2013/12/04 5:16 p.m.38 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.0 update

An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common...

5.5CVSS7AI score0.01809EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.34 views

Amazon Linux AMI : puppet (ALAS-2011-11)

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users ...

6.3CVSS5.6AI score0.00352EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/11/12 6:45 p.m.5 views

GlusterFS: insecure temporary file creation

GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

3.6CVSS5.8AI score0.00336EPSS
Exploits0References4
exploitpack
exploitpack
added 2012/10/12 12:0 a.m.17 views

Metasploit 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)

Metasploit 4.4 - pcaplog Plugin Privilege Escalation Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require...

0.6AI score
Exploits0
Rows per page
Query Builder