3092 matches found
CVE-2013-1902
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."...
Design/Logic Flaw
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."...
CVE-2013-1902
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."...
CVE-2013-1902
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."...
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...
UBUNTU-CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP...
CVE-2013-1495
asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp...
Design/Logic Flaw
asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp...
CVE-2013-1495
asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp...
CVE-2013-0261
A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the /tmp directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption...
CVE-2013-0162
The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
Nmap NSE 6.01: dns-random-srcport
Checks a DNS server for the predictable-port recursion vulnerability. Predictable source ports can make a DNS server vulnerable to cache poisoning attacks see CVE-2008-1447. The script works by querying porttest.dns-oarc.net see https://www.dns- oarc.net/oarc/services/porttest. Be aware that any...
Ubuntu: Security Advisory (USN-1733-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Alt-N MDaemon WorldClient Predictable Session ID
====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
Exploit for windows platform in category web applications ====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== VULNERABILITY DESCRIPTION:...
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities ====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0....
Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities
====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131)
IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to...