
3092 matches found

RedHat Linux
added 2010/03/17 1:4 p.m., 3 views

Firefox: Predictable /tmp pathname use

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp locati...

CVSS 4.4, AI score 7, EPSS 0.00292
Exploits 2, References 4

Debian
added 2010/03/15 8:14 p.m., 21 views

[SECURITY] [DSA 2017-1] New pulseaudio packages fix insecure temporary directory

------------------------------------------------------------------------ Debian Security Advisory DSA-2017-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano March 15, 2010 http://www.debian.org/security/faq -...

CVSS 6.9, EPSS 0.00336
Exploits 0

Exploit DB
added 2010/03/14 12:0 a.m., 32 views

Novell eDirectory 8.8.5 - DHost Weak Session Cookie Session Hijacking (Metasploit)

source: https://www.securityfocus.com/bid/38782/info Novell eDirectory is prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain access to the affected application. Novell eDirectory 8.8.5 is vulnerable; other versions may also be affected. $Id:...

AI score 7.4
Exploits 0

Cvelist
added 2010/03/12 8:0 p.m., 27 views

CVE-2010-0123

The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name."...

AI score 6.2, EPSS 0.01256
Exploits 0, References 5

CVE
added 2010/02/26 6:9 p.m., 55 views

CVE-2009-4655

CVE-2009-4655 affects Novell eDirectory 8.8.5 DHOST web service, which uses a predictable session cookie that can enable session hijacking by a remote attacker. The PacketStorm/MSF and Nessus/OpenVAS entries corroborate a cookie-based hijack vector tied to DHost. Evidence notes the vulnerability ...

CVSS 7.5, AI score 6.8, EPSS 0.49583
Exploits 3, References 4, Affected Software 1

Tenable Nessus
added 2010/02/24 12:0 a.m., 44 views

Debian DSA-1922-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers...

CVSS 10, AI score 8.3, EPSS 0.15519
Exploits 9, References 19

OSV
added 2010/01/19 4:30 p.m., 1 views

DEBIAN-CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

CVSS 10, AI score 7, EPSS 0.02662
Exploits 1, References 1

OSV
added 2010/01/19 4:30 p.m., 7 views

CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

AI score 6.3
Exploits 0, References 9

UbuntuCve
added 2010/01/19 4:30 p.m., 24 views

CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

CVSS 10, AI score 5.9, EPSS 0.02662
Exploits 1, References 2

Prion
added 2010/01/19 4:30 p.m., 20 views

Design/Logic Flaw

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

CVSS 10, AI score 6.7, EPSS 0.02662
Exploits 1, References 9, Affected Software 1

NVD
added 2010/01/19 4:30 p.m., 17 views

CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

CVSS 10, AI score 6.4, EPSS 0.02662
Exploits 1, References 9

Cvelist
added 2010/01/19 4:0 p.m., 33 views

CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

AI score 6.3, EPSS 0.02662
Exploits 1, References 9

seebug.org
added 2010/01/19 12:0 a.m., 28 views

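phpMyAdmin insecure file and directory creation vulnerability

BUGTRAQ ID: 37826 CVE ID: CVE-2008-7251, CVE-2008-7252 phpMyAdmin is a tool written in PHP for administering MySQL over the web. phpMyAdmin creates temporary directories with world-writable permissions and uses predictable file names when creating temporary files. A local or remote attacker can modify files without authorization, or gain elevated privileges through a symlink attack. phpMyAdmin 2.11.x Vendor patch: phpMyAdmin ---------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...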

CVSS 10, AI score 6.4, EPSS 0.02662
Exploits 1

phpMyAdmin
added 2010/01/15 12:0 a.m., 28 views

Unsafe handling of temporary files

PMASA-2010-2 Announcement-ID: PMASA-2010-2 Date: 2010-01-15 Summary Unsafe handling of temporary files Description phpMyAdmin created temporary files with predictable file name. Severity We consider these vulnerabilities to be not critical. Affected Versions For 2.11.x: versions before 2.11.10 ar...

CVSS 10, AI score 5.7, EPSS 0.02662
Exploits 1, Affected Software 1

Prion
added 2009/12/08 5:30 p.m., 18 views

Design/Logic Flaw

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

CVSS 6.4, AI score 6.7, EPSS 0.0115
Exploits 0, References 5, Affected Software 2

NVD
added 2009/12/08 5:30 p.m., 22 views

CVE-2009-2749

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

CVSS 6.4, AI score 6.2, EPSS 0.0115
Exploits 0, References 5

Cvelist
added 2009/12/08 5:0 p.m., 24 views

CVE-2009-2749

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

AI score 6.2, EPSS 0.0115
Exploits 0, References 5

CVE
added 2009/12/08 5:0 p.m., 58 views

CVE-2009-2749

CVE-2009-2749 affects IBM WebSphere Application Server 7.0.0.7 with the Feature Pack for Communications Enabled Applications (CEA). The root cause is the use of predictable session values in CEA prior to version 1.0.0.1, which allows a MITM attacker to spoof a collaboration session by guessing th...

CVSS 6.4, AI score 6.2, EPSS 0.0115
Exploits 0, References 5, Affected Software 2

Tenable Nessus
added 2009/12/04 12:0 a.m., 263 views

Mandriva Linux Security Advisory : firefox (MDVSA-2009:290-1)

Security issues were identified and fixed in firefox 3.0.x : Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code...

CVSS 10, AI score 8.1, EPSS 0.28167
Exploits 53, References 11

Exploit DB
added 2009/11/16 12:0 a.m., 56 views

Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery

Exploit Title: Alteon OS BBI Nortell - Multiple Vulnerabilities Date: 16 Nov 09 Author: Sintsov Alexey Software Link: download link if available Version: Date: Mon, 16 Nov 2009 14:01:04 +0300 Digital Security Research Group DSecRG Advisory http://dsecrg.com/pages/vul/show.php?id=161 Various XSS an...

AI score 7.4
Exploits 0