Novell eDirectory DHOST Predictable Session Cookie

This module is able to predict the next session cookie value issued by the DHOST web service of Novell eDirectory 8.8.5. An attacker can run this module, wait until the real administrator logs in, then specify the predicted cookie value to hijack their session. This module requires Metasploit:...

Mozilla Firefox < 3.0.15 / 3.5.4 Multiple Vulnerabilities

Binary data 801352.prm...

DSA-1922-1 xulrunner - several vulnerabilities

Bulletin has no description...

Firefox: Predictable /tmp pathname use

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp locati...

Local downloaded file tampering — Mozilla

Security researcher Jeremy Brown reported that the file naming scheme used for downloading a file which already exists in the downloads folder is predictable. If an attacker had local access to a victim's computer and knew the name of a file the victim intended to open through the Download Manage...

CVE-2009-1297

iscsidiscovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise SLE 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name...

Unrestricted file upload

Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window...

CVE-2009-3447

Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window...

SuSE9 Security Update : PHP4 (YOU Patch Number 11666)

This update fixes multiple bugs in PHP : - Predictable generaton of an initialization vector IV in the mcrypt extension - Additional cookie attributes could be injected via a session ID. - Specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...

SuSE 11 Security Update : open-iscsi (SAT Patch Number 1240)

The iscsidiscovery tool created predictable temporary files which potentially allowed attackers to overwrite system files. CVE-2009-1297 Also some non-security bugs have been fixed : - synchronize startup settings - fix daemon segfault with CHAP %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

SuSE 10 Security Update : open-iscsi (ZYPP Patch Number 6455)

The iscsidiscovery tool created predictable temporary files which potentially allowed attackers to overwrite system files. CVE-2009-1297 Also several non-security bugs have been fixed : - don't fail init script if discovery fails - print correct ipconfig mask for dhcp - synchronize startup settin...

Mozilla Firefox临时文件下载可预测路径名漏洞

CVE ID: CVE-2009-3274 Firefox是一款流行的开源WEB浏览器。 运行在Linux平台上的Firefox对从“下载”窗口所选择的文件使用了可预测的/tmp路径名，本地用户可以在下载之前在/tmp位置放置文件来替换下载文件，之后用户可能受骗打开已被替换了的文件。 Mozilla Firefox 3.6 a1 Mozilla Firefox 3.5.2 厂商补丁： Mozilla ------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.mozilla.org/...

Design/Logic Flaw

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp locati...

CVE-2009-3274

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp locati...

CVE-2009-3274

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp locati...

Design/Logic Flaw

The getrandomint function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...

openSUSE Security Update : open-iscsi (open-iscsi-1238)

The iscsidiscovery tool created predictable temporary files which potentially allowed attackers to overwrite system files CVE-2009-1297 . %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

Authentication flaw

The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce...

CVE-2008-7138

The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce...

CVE-2008-7138

The CVE-2008-7138 entry identifies Eye-Fi Manager 1.1.2 as affected. The issue is that the Manager generates predictable snonce values tied to the time of day, enabling remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. Connected documents corroborate th...