CVE-2007-3377

CVE-2007-3377 affects the Perl module Net::DNS (pre-0.60). The issue: Net::DNS generates predictable DNS query IDs (fixed increment) and can reuse the same starting ID for all child processes of a forking server, enabling remote attackers to spoof DNS responses. Connected advisories show mitigati...

c-ares -- DNS Cache Poisoning Vulnerability

Secunia reports: The vulnerability is caused due to predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

LSAT: Insecure temporary file creation

Background The Linux Security Auditing Tool LSAT is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description LSAT insecurely writes in /tmp with a...

Comodo Firewall protection bypass

Application uses named pipe with changing, but predictable name which allows to manipulate protection settings...

CVE-2006-7061

Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting XSS attacks...

CVE-2006-7061

CVE-2006-7061 affects Scriptsez.net E-Dating System. The vulnerability stems from storing data files with predictable names under the web document root and insufficient access control, enabling remote attackers to read private messages and potentially leverage them for XSS. The connected document...

Design/Logic Flaw

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

DEBIAN-CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

CVE-2006-6969

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possib...

CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

Jetty Non-random Session ID Vulnerability

Binary data 3904.prm...

clipboard bug.txt

The clipboard in QNX is world readable and writable. Although the folder containing the file is not readable for normal users the filename convention is predictable, see "clipboard bug.jpg" bash-2.05a$ ls -l /var/clipboard/muh/00000000/TTSHEOAA552983 -rw-rw-rw- 1 root root 78 Jan 04 16:27...

15061124.txt

!/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..: www.etab.ac-caen.fr/bsauveur/cahierdetexte/ Poc.link........

Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit

No description provided by source. !/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..:...

Cahier de texte V2.0 SQL Code Execution Exploit

!/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..: www.etab.ac-caen.fr/bsauveur/cahierdetexte/ Poc.link........

Cahier de texte 2.0 - Database Backup Source Disclosure

Cahier de texte 2.0 - Database Backup Source Disclosure !/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..:...

Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit

Exploit for unknown platform in category web applications ====================================================================== Cahier de texte 2.0 Database Backup/Source Disclosure Remote Exploit ====================================================================== !/usr/bin/perl INFORMATIONS...

Cahier de texte 2.0 - Database Backup / Source Disclosure

!/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..: www.etab.ac-caen.fr/bsauveur/cahierdetexte/ Poc.link........