Lucene search
3092 matches found

Prion
added 2012/10/10 6:55 p.m. · 9 views

Code injection

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 3.3 · AI score 6.8 · EPSS 0.00307
Exploits: 0 · References: 5 · Affected Software: 1

UbuntuCve
added 2012/10/10 6:55 p.m. · 18 views

CVE-2012-5355

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 3.3 · AI score 5.9 · EPSS 0.00307
Exploits: 0 · References: 5

Prion
added 2012/09/28 5:55 p.m. · 23 views

Design/Logic Flaw

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

CVSS 5.8 · AI score 7 · EPSS 0.02203
Exploits: 1 · References: 6 · Affected Software: 2

Cvelist
added 2012/09/28 5:0 p.m. · 26 views

CVE-2012-2681

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

AI score 6.5 · EPSS 0.02203
Exploits: 1 · References: 6

CVE
added 2012/09/28 5:0 p.m. · 64 views

CVE-2012-2681

CVE-2012-2681 affects Cumin before 0.1.5444 used in Red Hat Enterprise Messaging/Realtime/Grid (MRG) 2.0. It uses predictable random numbers to generate session keys, making it easier for remote attackers to guess the session key. Connected advisories indicate Red Hat security updates for the Gri...

CVSS 5.8 · AI score 6.6 · EPSS 0.02203
Exploits: 1 · References: 6 · Affected Software: 2

RedHat Linux
added 2012/09/19 5:41 p.m. · 3 views

cumin: weak session keys

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

CVSS 5.8 · AI score 5.8 · EPSS 0.02203
Exploits: 1 · References: 4

RedHat Linux
added 2012/09/19 5:33 p.m. · 5 views

cumin: weak session keys

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

CVSS 5.8 · AI score 5.8 · EPSS 0.02203
Exploits: 1 · References: 4

Exploit DB
added 2012/09/17 12:0 a.m. · 39 views

CoSoSys Endpoint Protector - Predictable Password Generation

source: https://www.securityfocus.com/bid/55570/info CoSoSys Endpoint Protector is prone to an insecure password generation vulnerability. Successfully exploiting this issue may allow an attacker to guess generated passwords and gain access to affected appliances. CoSoSys Endpoint Protector 4 is...

AI score 7.4
Exploits: 0

CERT
added 2012/09/17 12:0 a.m. · 31 views

CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent account vulnerability

Overview: CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts. Description: According to CoSoSys's website, the Endpoint Protector 4 appliance is a DLP product used to prevent users from taking unauthorized data outside the company or bringing...

CVSS 7.5 · AI score 6.5 · EPSS 0.06269
Exploits: 0 · References: 1

The Hacker News
added 2012/09/14 8:28 a.m. · 5 views

BlackHole Exploit Kit 2.0 released with more latest Exploits

According to a Russian-language release announcement posted on Pastebin by unknown developers, BlackHole Exploit Kit 2.0 has been released with more of the latest exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security...

AI score 6.8
Exploits: 0

Prion
added 2012/09/05 11:55 p.m. · 15 views

Design/Logic Flaw

The Crowbar Ohai plugin chef/cookbooks/ohai/files/default/plugins/crowbar.rb in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names...

CVSS 4.6 · AI score 7.8 · EPSS 0.0059
Exploits: 1 · References: 10 · Affected Software: 1

Cvelist
added 2012/09/05 11:0 p.m. · 24 views

CVE-2012-3537

The Crowbar Ohai plugin chef/cookbooks/ohai/files/default/plugins/crowbar.rb in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names...

AI score 7.2 · EPSS 0.0059
Exploits: 1 · References: 10

OSV
added 2012/08/31 6:55 p.m. · 6 views

CVE-2012-3378

The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in...

AI score 6.1
Exploits: 0 · References: 4

Prion
added 2012/08/26 9:55 p.m. · 21 views

Code injection

The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

CVSS 1.2 · AI score 6.7 · EPSS 0.00331
Exploits: 0 · References: 9 · Affected Software: 1

UbuntuCve
added 2012/08/26 12:0 a.m. · 25 views

CVE-2012-2103

The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

CVSS 1.2 · AI score 5.9 · EPSS 0.00331
Exploits: 0 · References: 3

NVD
added 2012/08/16 10:38 a.m. · 12 views

CVE-2012-3024

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...

CVSS 5 · AI score 6.8 · EPSS 0.02198
Exploits: 0 · References: 2

Prion
added 2012/08/16 10:38 a.m. · 18 views

Authentication flaw

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...

CVSS 5 · AI score 7.4 · EPSS 0.02198
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2012/08/16 10:0 a.m. · 23 views

CVE-2012-3024

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...

AI score 6.8 · EPSS 0.02198
Exploits: 0 · References: 2

Positive Technologies
added 2012/08/16 12:0 a.m. · 3 views

PT-2012-4445 · Tridium · Tridium Niagara Ax Framework

Name of the Vulnerable Software and Affected Versions: Tridium Niagara AX Framework versions prior to 3.8 is not mentioned, however, it is mentioned that versions through 3.6 are affected. Therefore: Tridium Niagara AX Framework versions through 3.6 Description: The issue is related to the use of...

CVSS 5 · AI score 6.4 · EPSS 0.02198
Exploits: 0 · References: 3

Gentoo Linux
added 2012/08/14 12:0 a.m. · 24 views

Puppet: Multiple vulnerabilities

Background: Puppet is a system configuration management tool written in Ruby. Description: Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files (CVE-2012-1906). REST requests for a file in a remote filebucket are not handled properly by overriding...

CVSS 6 · AI score 7.6 · EPSS 0.02632
Exploits: 0