CVE-2018-15684

An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory /include/logs using predictable file names, which can lead to full path disclosure and leakage of sensitive data...

Design/Logic Flaw

An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory /include/logs using predictable file names, which can lead to full path disclosure and leakage of sensitive data...

CVE-2018-15684

An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory /include/logs using predictable file names, which can lead to full path disclosure and leakage of sensitive data...

CVE-2018-15684

CVE-2018-15684 concerns BTITeam XBTIT where PHP error logs are stored in an open directory (/include/logs) with predictable filenames, enabling full path disclosure and leakage of sensitive data. The vulnerability is described across multiple sources (NVD/NVD-variants) indicating exposure of log ...

CVE-2017-7501

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to...

WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution

WP Support Plus Responsive Ticket System = 8.0.7 allows anyone to upload PHP files with extensions like ".phtml", ".php4", ".php5", and so on, all of which are run as if their extension was ".php" on most hosting platforms. This is because "includes/admin/attachment/uploadAttachment.php" contains...

Amazon Linux AMI : perl-IPTables-Parse (ALAS-2015-627)

A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. C Tenable Network Security, Inc. The descriptive te...

GLPI 0.85.5 - Arbitrary File Upload Filter Bypass Remote Code Execution

GLPI 0.85.5 - Arbitrary File Upload Filter Bypass Remote Code Execution Exploit Title: GLPI 0.85.5 RCE through file upload filter bypass Date: September 7th, 2015 Exploit Author: Raffaele Forte Vendor Homepage: http://www.glpi-project.org/ Software Link:...

GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution

Exploit Title: GLPI 0.85.5 RCE through file upload filter bypass Date: September 7th, 2015 Exploit Author: Raffaele Forte Vendor Homepage: http://www.glpi-project.org/ Software Link: https://forge.glpi-project.org/attachments/download/2093/glpi-0.85.5.tar.gz Version: GLPI 0.85.5 Tested on: CentOS...

Microsoft Outlook RTF Embedded Object Security Bypass (CVE-2004-0503)

A security bypass vulnerability exists in Microsoft Outlook. The vulnerability is due to a lack of validation for certain OLE objects attached to RTF messages. A successful exploitation may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-locati...

Amazon Linux: Security Advisory (ALAS-2011-11)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PHP 5.6.x < 5.6.8 Multiple Vulnerabilities - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PT-2015-4916 · Debian +2 · Pycode-Browser

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to a predictable temporary file vulnerability. No further details are provided about the nature of the issue, affected devices, or real-world incidents...

GLPI 0.85.2 Shell Upload / Privilege Escalation

Multiple vulnerabilities have been identified in GLPI http://www.glpi-project.org. 1/ Arbitrary file upload Severity: Important Versions Affected =========== All versions between 0.85 and 0.85.2 Description ======= When an user wants to create a new ticket, he has the possibility to add an...

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Updated hawtjni packages fix security vulnerability

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJ...

icedtea-web: insecure temporary file use flaw in LiveConnect implementation

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...