CVE-2005-4683

PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by 1 migrateallonline.sh, 2 migratealloffline.sh, 3 migrateallnetinfoonline.sh...

Ubuntu 4.10 / 5.04 / 5.10 : fetchmail vulnerability (USN-215-1)

Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied after writing the configuration into the file. During this time, the file was world readable...

Code injection

Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50 and possibly earlier has 1 world-readable permissions for ipn/logs/ipnsuccess.txt, which allows local users to view sensitive information payment data, and 2 world-writable permissions for ipn/logs, which allows local...

CVE-2006-0202

CVE-2006-0202 affects PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier. The issue is due to insecure filesystem permissions: ipn/logs/ipn_success.txt is world-readable, allowing local users to view payment data, and ipn/logs is world-writable, enabling local users to delete or repl...

CVE-2006-0202

Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50 and possibly earlier has 1 world-readable permissions for ipn/logs/ipnsuccess.txt, which allows local users to view sensitive information payment data, and 2 world-writable permissions for ipn/logs, which allows local...

CVE-2005-4659

IPCop aka IPCop Firewall before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from th...

CVE-2005-4683

PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by 1 migrateallonline.sh, 2 migratealloffline.sh, 3 migrateallnetinfoonline.sh...

DEBIAN-CVE-2005-4683

PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by 1 migrateallonline.sh, 2 migratealloffline.sh, 3 migrateallnetinfoonline.sh...

CVE-2005-4683

PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by 1 migrateallonline.sh, 2 migratealloffline.sh, 3 migrateallnetinfoonline.sh...

BasiliX Attachment Disclosure Vulnerability

The remote web server contains a series of PHP scripts that are prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptio...

x-news 1

The remote web server contains a PHP application that is prone to information disclosure. Description : X-News is a news management system, written in PHP. X-News uses a flat-file database to store information. It will run on most Unix and Linux variants, as well as Microsoft Windows operating...

PHP-Nuke security vulnerability (bb_smilies.php)

The remote host seems to be vulnerable to a security problem in PHP-Nuke bbsmilies.php. The vulnerability is caused by inadequate processing of queries by PHP-Nuke SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...

fetchmail fetchmailconf race conditions

During configuration file creation there are race conditions file is world readable...

fetchmail security announcement 2005-02 (CVE-2005-3088)

fetchmail-SA-2005-02: security announcement Topic: password exposure in fetchmailconf Author: Matthias Andree Version: 1.02 Announced: 2005-10-21 Type: insecure creation of file Impact: passwords are written to a world-readable file Danger: medium Credits: Thomas Wolff, Miloslav Trmac for pointin...

CVE-2005-3088

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...

DEBIAN-CVE-2005-3088

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...

CVE-2005-3088

CVE-2005-3088 affects fetchmail and its fetchmailconf component. The advisory describes that, in versions prior to the fixes noted in references, configuration files are created with insecure world-readable permissions, allowing local users to read sensitive data such as passwords. OpenVAS and di...

CVE-2005-3088

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords...

CVE-2005-3179

drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information...

DEBIAN-CVE-2005-3147

StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information...