2197 matches found
DEBIAN-CVE-2004-2303
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files...
perl -- File::Path insecure file/directory permissions
Jeroen van Wolffelaar reports that the Perl module File::Path contains a race condition wherein traversed directories and files are temporarily made world-readable/writable...
Oracle clear text passwords (#NISR2122004D)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g clear text passwords Systems Affected: Oracle 10g on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
CVE-2004-0563
The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password...
SharePoint information leak
During installation text file with cleartext password is created in world readable folder...
WinFTP weak encryption
Cleartext passwords are stored in the world readable file...
DSA-600-1 samba - arbitrary file access
Bulletin has no description...
Low: Red Hat Security Advisory: ruby security update
An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world...
DSA-555-1 freenet6 - file permissions
Bulletin has no description...
Debian DSA-073-1 : imp - 3 remote exploits
The Horde team released version 2.2.6 of IMP a web-based IMAP mail program which fixes three security problems. Their release announcement describes them as follows : - A PHPLIB vulnerability allowed an attacker to provide a value for the array element $PHPLIBlibdir, and thus to get scripts from...
[ GLSA 200409-10 ] multi-gnome-terminal: Information leak
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200409-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
GLSA-200409-10 : multi-gnome-terminal: Information leak
The remote host is affected by the vulnerability described in GLSA-200409-10 multi-gnome-terminal: Information leak multi-gnome-terminal contains debugging code that has been known to output active keystrokes to a potentially unsafe location. Output has been seen to show up in the...
CVE-2002-1380
Linux kernel 2.2.x allows local users to cause a denial of service crash by using the mmap function with a PROTREAD parameter to access non-readable memory pages through the /proc/pid/mem interface...
CVE-2001-0837
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in 1 temp.html, 2 the log folder, and 3 the PhoneBook folder...
CVE-2004-1367
Oracle 10g Database Server, when installed with a password that contains an exclamation point "!" for the 1 DBSNMP or 2 SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SY...
mozilla -- insecure permissions for some downloaded files
In a Mozilla bug report, Daniel Kleinsinger writes: I was comparing treatment of attachments opened directly from emails on different platforms. I discovered that Linux builds save attachments in /tmp with world readable rights. This doesn't seem like a good thing. Couldn't someone else logged on...
dsm light Web file browser 2.0 - Directory Traversal
source: https://www.securityfocus.com/bid/10381/info DSM Light has been reported to be prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue would allow an attacker to view arbitrary, web-readable...
Citadel/UX weak permissions
Messageboxes are world readable...
CVE-2003-1460
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information...
CVE-2003-0414
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile...