
180 matches found

Vulnrichment
added 2024/12/09 12:0 a.m. | 13 views

CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...

CVSS 6.6 | AI score 6.9 | EPSS 0.00213
Exploits: 0 | References: 3
CNNVD
added 2024/08/03 12:0 a.m. | 2 views

WordPress plugin UsersWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 7.5 | AI score 6.6 | EPSS 0.00575
Exploits: 1 | References: 3
Cvelist
added 2023/11/30 5:55 p.m. | 18 views

CVE-2023-6376 Henschen & Associates court document management software cache uses predictable file names

Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents...

CVSS 5.3 | AI score 7.7 | EPSS 0.01057
Exploits: 1 | References: 4
SUSE CVE
added 2023/10/31 2:48 a.m. | 3 views

SUSE CVE-2015-5287

The abrt-hook-ccpp help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump...

CVSS 6.9 | AI score 7.1 | EPSS 0.03314
Exploits: 17 | References: 2
wpexploit
added 2023/06/20 12:0 a.m. | 60 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file download

Description: The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into...

CVSS 5.3 | AI score 7.1 | EPSS 0.003
Exploits: 2 | References: 1
SUSE CVE
added 2023/02/15 5:45 a.m. | 3 views

SUSE CVE-2012-3378

The registerapplication function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in...

CVSS 3.3 | AI score 6.5 | EPSS 0.00313
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:45 a.m. | 3 views

SUSE CVE-2012-3537

The Crowbar Ohai plugin chef/cookbooks/ohai/files/default/plugins/crowbar.rb in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names...

CVSS 4.6 | AI score 7.4 | EPSS 0.0059
Exploits: 1 | References: 3
NVD
added 2022/04/08 8:15 p.m. | 15 views

CVE-2022-26851

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss...

CVSS 9.1 | EPSS 0.00868
Exploits: 0 | References: 1
Prion
added 2022/04/08 8:15 p.m. | 15 views

Design/Logic Flaw

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss...

CVSS 6.4 | AI score 9 | EPSS 0.00868
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/04/08 7:50 p.m. | 22 views

CVE-2022-26851

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss...

CVSS 9.1 | AI score 9.3 | EPSS 0.00868
Exploits: 0 | References: 1
CVE
added 2022/04/08 7:50 p.m. | 86 views

CVE-2022-26851

Dell PowerScale OneFS (8.2.2–9.3.x) contains a vulnerability described as a predictable file name from observable state. An unprivileged, remote attacker could exploit it to cause data loss. Affected component/condition corresponds to the observable state of file naming; the exact root cause is d...

CVSS 9.1 | AI score 9 | EPSS 0.00868
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2022/04/04 12:0 a.m. | 1 views

CVE-2022-26851

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss...

CVSS 9.1 | AI score 7.2 | EPSS 0.00868
Exploits: 0 | References: 2
Github Security Blog
added 2021/11/15 5:36 p.m. | 24 views

Unrestricted access to predictable file paths in hov/jobfair

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

CVSS 7.5 | AI score 3.8 | EPSS 0.00997
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2021/09/20 12:0 a.m. | 3 views

The vulnerability of the “pleaseedit” system administration tool is related to an incorrect definition of the link before accessing the file. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the “pleaseedit” system administration tool is related to the use of predictable file names. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and even cause service interruptions...

CVSS 7.8 | AI score 7.2 | EPSS 0.00468
Exploits: 1 | References: 4 | Affected Software: 2
Rosalinux
added 2021/07/02 6:4 p.m. | 37 views

Advisory ROSA-SA-2021-1963

Software: rpm 4.11.3 OS: Cobalt 7.9 CVE-ID: CVE-2017-7501 CVE-Crit: HIGH CVE-DESC: It was discovered that rpm versions prior to 4.13.0.2 use temporary files with predictable names when installing RPM. An attacker with the ability to write to the directory where the files will be installed could...

CVSS 7.8 | AI score 7.1 | EPSS 0.01754
Exploits: 0
Prion
added 2021/05/12 9:15 a.m. | 17 views

Race condition

By exploiting a time of check to time of use TOCTOU race condition during the Endpoint Security for Linux Threat Prevention and Firewall ENSL TP/FW installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrar...

CVSS 6.9 | AI score 7.1 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2020/12/06 4:12 a.m. | 28 views

Escalation Of Privilege

generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

CVSS 9.8 | AI score 6.1 | EPSS 0.01672
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2020/05/13 7:15 p.m. | 19 views

CVE-2020-1994

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

CVSS 4.9 | AI score 4.5 | EPSS 0.00236
Exploits: 0 | References: 1
Prion
added 2020/01/28 4:15 p.m. | 14 views

Design/Logic Flaw

The funced function in fish aka fish-shell 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name...

CVSS 4.4 | AI score 6.8 | EPSS 0.0029
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2020/01/13 12:0 a.m. | 3 views

LTSP LDM Elevation of Privilege Vulnerability

LTSP is a well-known Linux Terminal Server Project program that adds thin client support to Linux servers. An elevation of privilege vulnerability exists in LTSP LDM, which can be exploited by an attacker with certain privileges to gain privileges by performing a symbolic link attack on files wit...

CVSS 7.8 | AI score 7.5 | EPSS 0.00427
Exploits: 0 | References: 1