DEBIAN-CVE-2005-1855

Backup Manager backup-manager before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information...

Debian DSA-787-1 : backup-manager - insecure permissions and tempfile

Two bugs have been found in backup-manager, a command-line driven backup utility. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1855 Jeroen Vermeulen discovered that backup files are created with default permissions making them world readable, eve...

CVE-2005-1855

Backup Manager backup-manager before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information...

CVE-2005-1855

CVE-2005-1855 affects the Backup Manager (backup-manager) prior to version 0.5.8. The issue arises because backup files are created with world-readable default permissions, allowing local users to access potentially sensitive information. The Debian OpenVAS/NVD entries confirm the same behavior. ...

CVE-2005-1855

Backup Manager backup-manager before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information...

CVE-2004-2303

MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files...

CVE-2004-2337

The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials...

CVE-2004-2337

The CVE-2004-2337 entry concerns the file /.inlook/.crypt in inlook 0.7.3 and earlier, which is installed with world readable permissions. This allows local users to access POP3 credentials stored by the application. The root cause is improper permissions on the .crypt file, leading to confidenti...

kdebase -- Kate backup file permission leak

A KDE Security Advisory explains: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by othe...

CVE-2005-2212

CVE-2005-2212 concerns Backup Manager 0.5.8a, which creates an archive repository with world-readable and world-writable permissions. This misconfiguration can let attackers modify or read the repository contents. The available sources (NVD/Red Hat/CVE entries) reiterate the same impact; no expli...

CVE-2005-2212

Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository...

CVE-2005-2212

Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository...

Debian Linux apt-setup weak permissions

apt.conf file is created world readable...

imail.cookie.txt

Neither Regular or secure mode of Imail properly give out a hash on cookies leaving the cookies straight readable to any onlookers. No exploit is needed POC: "IMailUserId 1006332dgd2@Someserver" -------------------------- "IMailpassword 1234" Straight From Cookie ^^ edited to protect user Shoutz ...

CVE-2005-2136

Raritan Dominion SX DSX Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set 1 world-readable permissions for /etc/shadow and 2 world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users...

CVE-2002-1711

BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments...

CVE-2002-1713

The CVE-2002-1713 issue affects Mandrake Linux 8.2, where the Standard security setting for the Mandrake-Security package (msec) installs home directories with world-readable permissions. This local-file-permission flaw could allow a local user to view other users’ files. The connected PT-2002-24...

CVE-2001-1481

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges...

CVE-2002-1713

The Standard security setting for Mandrake-Security package msec in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files...

CVE-2004-1997

CVE-2004-1997 : Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be world-readable and allow local users to gain privileges. The NVD entry lists a CVSSv2 base score of 4.6 (LOCAL access, LOW attack complexity, PARTIAL confidentiality/integrity/availability impacts). ...