CVE-2002-0120
Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information...
CVE-2002-0377
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files...
Cedric Email Reader 0.2/0.3 - Skin Configuration Script Remote File Inclusion
source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script. Under some circumstances, it is possible fo...
CVE-2002-1711
BasiliX 1.1.0 saves attachments in a world-readable /tmp/BasiliX directory, which allows local users to read other users' attachments...
CVE-2002-1892
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information...
CVE-2002-1970
SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers...
PT-2002-2435 · Mandrake · Mandrake
Name of the Vulnerable Software and Affected Versions: Mandrake versions 8.2 Description: The Standard security setting for the Mandrake-Security package installs home directories with world-readable permissions. This could allow local users to read other users' files. Recommendations: For Mandra...
CVE-2002-1380
Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface...
QNX Photon Weak Permissions
Clipboard content is stored in a world-readable file...
CVE-2002-0849
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta 1, which could allow local users to gain privileges by reading the cleartext CHAP password...
Mac OS X Finder creates world-readable ".FBCIndex" file thereby disclosing sensitive information
Overview Mac OS X's Find-By-Content indexing may store file data where it can be served to remote users by Apache. Description The Find-By-Content feature of Mac OS X generates indexing data from the contents of files in each directory. It then stores the indexing data for each directory in a...
CVE-2002-0565
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages...
CVE-2001-1175
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing...
CVE-2001-1175
CVE-2001-1175 : In vipw from the util-linux package, before version 2.10, editing /etc/shadow could leave the file world-readable in some cases, enabling local users to more easily perform brute-force password guessing. Supported details in connected docs show Red Hat advisories (RHSA-2001:95, 13...
CVE-2002-0565
The CVE-2002-0565 incident concerns Oracle 9iAS 1.0.2.x, where JSP files compiled under the web root in the _pages directory are world-readable. This enables remote attackers to read JSP source and derive sensitive information (e.g., usernames and passwords) via a direct HTTP request to _pages. T...
Hosting Controller 1.x - DSNManager Directory Traversal
source: https://www.securityfocus.com/bid/4759/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The DSNManager script does not sufficiently filter dot-dot-slash ../ sequences from URL...
CVE-2002-0225
tacplus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files...
Weak permissions in gaim
During message reading, a world-readable file is created in /tmp...