3094 matches found
CVE-2014-7809
Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism...
Session fixation
Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack...
CVE-2014-8496
Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack...
CVE-2014-8874
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
Design/Logic Flaw
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request...
CVE-2014-8874
The CVE-2014-8874 entry relates to the TYPO3 extension ke_questionnaire (versions 2.5.2 and earlier). The vulnerability arises from predictable, easily guessable filenames for questionnaire answer files stored in publicly accessible locations, enabling remote attackers to disclose sensitive infor...
Design/Logic Flaw
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed...
CVE-2014-5284
CVE-2014-5284 affects OSSEC prior to 2.8.1, where host-deny.sh writes to temporary files with predictable filenames without ownership verification. This can allow a local attacker to modify hosts.deny and gain root privileges by pre-creating temp files before automatic IP blocking occurs. The vul...
CVE-2014-5284
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed...
CVE-2014-8994
The checkdiskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name tmp/checkdiskiostatus--...
HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...
Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update
Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Updated hawtjni packages fix security vulnerability
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJ...
DLA-88-1 ruby1.8 - security update
Bulletin has no description...
McAfee EEFF / FRP Predictable Salt
Advisory ID: SYSS-2014-008. Products: McAfee Endpoint Encryption for Files and Folders (EEFF), McAfee File and Removable Media Protection (FRP). Vendor: McAfee, Inc. Affected Versions: EEFF 3.2.x, 4.0.x, 4.1.x, 4.2.x; FRP 4.3.0.x. Tested Versions: 4.2.0.164...
CVE-2013-7408
F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value...
icedtea-web: insecure temporary file use flaw in LiveConnect implementation
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...
F5 Networks BIG-IP : BIG-IP Analytics generates predictable session cookies (SOL14334)
The BIG-IP Analytics system generates predictable session cookies. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL14334. The text description of this plugin is (C) F5 Networks. include("compat.inc"); if...