19 matches found
AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php
Summary: The aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data which is written to persistent temp files in /tmp/ with no size cap, no rat...
EUVD-2026-7447
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in ReadSFWImage coders/sfw.c, when temporary file creation fails, readinfo is destroyed before its filename member is accessed, causing a NULL pointer dereferen...
NULL Pointer Dereference
Overview: Magick.NET-Q16-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
NULL Pointer Dereference
Overview: Magick.NET-Q16-HDRI-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Linux Distros Unpatched Vulnerability : CVE-2020-29582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and...
CVE-2023-1713 Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file...
RESTEasy: creation of insecure temp files
In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...
RESTEasy: creation of insecure temp files
In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...
RESTEasy: creation of insecure temp files
In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...
CVE-2021-38587
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files SEC-586...
Inteno IOPSYS - (Authenticated) Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/usr/bin/python import json import sys import subprocess import socket import os from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol: ubus-json" re...
rpi-update symlink vulnerability
Unsafe temp file creation...
Mandrake Linux Security Advisory : cups (MDKSA-2001:023)
A number of problems were found by the SuSE security team recently during an internal audit of the CUPS printing package. These problems have been resolved with the latest CUPS release which include temp file creation vulnerabilities, potential buffer overflows, and other security enhancements. I...
Another Solaris 10 Patch Cluster Symlink Attack
Larry W. Cashdollar 8/6/2012 Here is another symlink attack with temp file creation using process id in Solaris 10 patch cluster. You can overwrite the contents of root owned files with the contents of inetd.conf. In patches/137097-01/SUNWcsr/reloc/lib/svc/method/inetd-upgrade lines : 72...
Debian Security Advisory DSA 016-1 (wu-ftpd)
The remote host is missing an update to wu-ftpd announced via advisory DSA 016-1...
Fedora Core 5 : mutt-1.4.2.1-7.fc5 (2006-1061)
Tue Oct 24 2006 Miroslav Lichvar 5:1.4.2.1-7.fc5 - fix insecure temp file creation on NFS 211085, CVE-2006-5297 - Thu Jun 29 2006 Miroslav Lichvar 5:1.4.2.1-6.3.fc5 - fix a buffer overflow when processing IMAP namespace 197152, CVE-2006-3242 Note that Tenable Network Security has extracted the...
Fedora Core 6 : mutt-1.4.2.2-3.fc6 (2006-1063)
Tue Oct 24 2006 Miroslav Lichvar 5:1.4.2.2-3 - fix insecure temp file creation on NFS 211085, CVE-2006-5297 - Thu Aug 3 2006 Miroslav Lichvar 5:1.4.2.2-2 - fix a SASL authentication bug 199591 - Mon Jul 17 2006 Miroslav Lichvar 5:1.4.2.2-1 - update to 1.4.2.2 - fix directories in manual.txt...
Debian DSA-016-3 : wu-ftpd - temp file creation and format string
Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently...
[SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 279-1 [email protected] http://www.debian.org/security/ Martin Schulze April 7th, 2003 http://www.debian.org/security/faq -...