CVE-1999-1545

Joe's Own Editor joe 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users...

CVE-1999-1052

Microsoft FrontPage stores form results in a default location in /private/formresults.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users...

CVE-1999-1405

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap...

CVE-2001-1017

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords...

Basilix Webmail 1.0 - File Disclosure

Basilix Webmail 1.0 - File Disclosure source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as...

CVE-2001-0496

kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges...

CVE-2001-0496

kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges...

CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...

Important: Red Hat Security Advisory: : Updated mount package available

Updated mount packages fixing a potential security problem are available. If any swap files were created during installation of Red Hat Linux 7.1 they were created during updates if the user requested it, they were world-readable, meaning every user could read data in the swap files, possibly...

Дырка в iPlanet Calendar (readable passwords)

Пароли администрирования хранятся в файле открытом на чтение...

iplanet calendar server 5.0p2 exposes Netscape Admin Server master password

at the time of writing, 5.0p2 is the currently available revision on iplanet's download site. the problem: the standard install of iPlanet Calendar server stores the NAS LDAP admin username and password in plaintext in the world readable file: -rw-r--r-- 1 icsuser icsgroup 37882 Feb 20 10:18...

CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...

Дырка в sash в Debian

При копировании /etc/shadow создаются файлы открытые на чтение...

CVE-2000-0925

The CVE-2000-0925 entry concerns SmartWin CyberOffice Shopping Cart 2 (CyberShop). The available documents state that the default installation creates a _private directory with world-readable permissions, which allows remote attackers to obtain sensitive information. No further technical specific...

CVE-2000-0925

The default installation of SmartWin CyberOffice Shopping Cart 2 aka CyberShop installs the private directory with world readable permissions, which allows remote attackers to obtain sensitive information...

CVE-2000-0936

Samba Web Administration Tool SWAT in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords...

CVE-2000-1156

StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice...

CVE-2000-1148

The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server...

CVE-2000-0925

The default installation of SmartWin CyberOffice Shopping Cart 2 aka CyberShop installs the private directory with world readable permissions, which allows remote attackers to obtain sensitive information...

CVE-2000-1156

CVE-2000-1156 affects StarOffice 5.2. StarOffice 5.2 follows symlinks and creates a world-readable /tmp/soffice.tmp directory, enabling a local user to read files belonging to the user running StarOffice. The provided sources describe the vulnerability condition but do not specify a vendor patch ...