Lucene search
K

181 matches found

OSV
OSV
added 2005/05/02 4:0 a.m.7 views

CVE-2005-0225

firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack...

6.5AI score
Exploits0References8
NVD
NVD
added 2005/04/26 4:0 a.m.21 views

CVE-2005-1270

The 1 checkupdate.sh and 2 rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack...

2.1CVSS6AI score0.00342EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2005/03/20 5:0 a.m.23 views

CVE-2005-0787

Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords...

2.1CVSS2.3AI score0.00456EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2005/01/30 12:0 a.m.27 views

f2c: Insecure temporary file creation

Background f2c is a Fortran to C translator. Portage uses this package in some ebuilds to build Fortran sources. Description Javier Fernandez-Sanguino Pena from the Debian Security Audit Team discovered that f2c creates temporary files in world-writeable directories with predictable names. Impact...

2.1CVSS6.1AI score0.00352EPSS
Exploits0
NVD
NVD
added 2004/12/23 5:0 a.m.18 views

CVE-2004-1336

The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack...

2.1CVSS6.3AI score0.00362EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2004/12/23 5:0 a.m.22 views

CVE-2004-1336

The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack...

2.1CVSS5.9AI score0.00362EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2004/08/23 12:0 a.m.23 views

IMWheel 1.0 - Predictable Temporary File Creation

source: https://www.securityfocus.com/bid/11008/info IMWheel is reported prone to a predictable temporary file creation vulnerability. This issue is a race condition error and may allow a local attacker to carry out denial of service attacks against other users and possibly gain elevated...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2004/06/03 4:0 a.m.21 views

CVE-2004-0502

Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shel...

6.7AI score0.20173EPSS
Exploits1References6
Cvelist
Cvelist
added 2004/06/03 4:0 a.m.27 views

CVE-2004-0503

Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format RTF message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...

6.4AI score0.11445EPSS
Exploits1References6
Exploit DB
Exploit DB
added 2004/05/10 12:0 a.m.24 views

Microsoft Outlook 2003 - Predictable File Location

source: https://www.securityfocus.com/bid/10307/info Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known and potential Internet Explorer vulnerabilities depend on the attacker...

7.4AI score
Exploits0
NVD
NVD
added 2004/01/05 5:0 a.m.16 views

CVE-2003-1017

Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names...

5CVSS6.8AI score0.03002EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2003/10/24 12:0 a.m.26 views

Macromedia Flash Player 6.0.x - Flash Cookie Predictable File Location

source: https://www.securityfocus.com/bid/8900/info Macromedia Flash Player is reported to store Flash cookies .sol files in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable location, such as referencing the conte...

7AI score
Exploits0
CVE
CVE
added 2003/01/08 5:0 a.m.63 views

CVE-2002-1395

CVE-2002-1395 affects Internet Message (IM) and its components impwagent and immknmz. The Debian advisory notes insecure handling of temporary files: impwagent creates a temporary directory in /tmp with predictable names, allowing local users to obtain unauthorized directory permissions, and immk...

2.1CVSS6.1AI score0.00371EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2001/08/31 4:0 a.m.12 views

CVE-2000-1198

qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users lack of mail access by creating lock files for other mail boxes...

5.5CVSS5.4AI score0.00348EPSS
Exploits0References3
NVD
NVD
added 2001/07/11 4:0 a.m.10 views

CVE-2001-1146

AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack...

1.2CVSS6.1AI score0.00336EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/07/10 12:0 a.m.35 views

ml85p - driver for Samsung ML-85G and /tmp

ml85p - driver for Samsung ML-85G GDI printers seems to use /tmp unsecurely. it seems to use the time function to determine the /tmp files name. root@linux exp strings /usr/bin/ml85p | grep tmp /tmp/ml85gd 401070dd iopl0x3 = 0 400cf2bd timeNULL = 994462668 40100cbf brk0 = 0x8064544 40100cbf...

Exploits0
securityvulns
securityvulns
added 2001/02/13 12:0 a.m.36 views

Дырка в Microfocus Cobol

При установке создаются файлы открытые на запись и временные файлы с предсказуемыми именами...

0.5AI score
Exploits0References1Affected Software1
CVE
CVE
added 2001/01/22 5:0 a.m.56 views

CVE-2000-1096

The CVE-2000-1096 entry concerns the crontab utility by Paul Vixie, where temporary files are created with predictable names and there is insufficient verification that the file is owned by the user running crontab -e. This enables local users who have write access to the crontab spool directory ...

3.7CVSS7.6AI score0.00786EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2000/10/13 4:0 a.m.49 views

CVE-2000-0579

IRIX crontab is affected: it creates temporary files with predictable names and the user’s umask, enabling local users to modify another user’s crontab while it is being edited. The CVSS data indicates local access with partial confidentiality/integrity/availability impact. No remediation details...

3.7CVSS6.7AI score0.00343EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2000/07/19 4:0 a.m.23 views

CVE-2000-0578

SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user...

6.3AI score0.00395EPSS
Exploits1References2
Rows per page
Query Builder