3068 matches found
CVE-2004-0503
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...
CVE-2003-0193
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names "word$$.html"...
CVE-2004-0502
CVE-2004-0502 affects Microsoft Outlook 2003. When replying to an email, Outlook 2003 stores certain files in a predictable location used as the src of an img tag in the original message. This behavior can allow remote attackers to bypass zone restrictions and potentially exploit other issues tha...
CVE-2004-0502
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shel...
Microsoft Outlook 2003 - Predictable File Location
source: https://www.securityfocus.com/bid/10307/info Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known and potential Internet Explorer vulnerabilities depend on the attacker...
CVE-2004-0944
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie...
AOL Instant Messenger 4.x/5.x - Buddy Icon Predictable File Location
source: https://www.securityfocus.com/bid/9698/info It has been reported that AOL Instant Messenger stores imported Buddy Icons in a predictable location on client systems that may allow an attacker to facilitate further attacks...
HP-UX shar utility creates files with predictable names in "/tmp" directory
Overview: The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system. Description: shar is a program commonly available on UNIX systems to create a shell script that wil...
CVE-2003-1017
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names...
CVE-2003-1391
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase...
CVE-2003-1099
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack...
CVE-2003-1017
CVE-2003-1017 affects Macromedia Flash Player before 7.0.19.0. The vulnerability arises because Flash data files are stored in a predictable location accessible to web browsers, allowing remote attackers to read restricted files via browser vulnerabilities that rely on predictable file names. The...
CVE-2003-0945
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities...
CVE-2003-0945
CVE-2003-0945 affects SAP DB Web-tools Web Database Manager prior to 7.4.03.30. The vulnerability stems from generating predictable session IDs in the Web Database Manager, with IDs placed in the URL, enabling remote attackers to perform unauthorized activities. The issue is addressed by SAP with...
CVE-2003-0877
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory...
Macromedia Flash Player 6.0.x - Flash Cookie Predictable File Location
source: https://www.securityfocus.com/bid/8900/info Macromedia Flash Player is reported to store Flash cookies (.sol files) in a predictable location on client systems. Other attacks are possible given the ability to store content on a system in a predictable location, such as referencing the conte...
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (perl)
Exploit for the Linux platform in the category remote exploits. The Debian OpenSSL issue means that there are only 65.536 possible SSH keys generated, because the only entropy is the PID of the process generating the key. As a result, the following Perl script can be used with the precalculated ssh ke...
DEBIAN-CVE-2003-0771
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does...
CVE-2003-0771
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does...