15 matches found
CVE-2025-66384
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name...
EUVD-2014-2315
Malware in sbrugna...
Palo Alto Networks PAN-OS 8.1.x < 8.1.13 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.13. It is, therefore, affected by a vulnerability. - A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted...
CVE-2020-1981
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only...
Privilege escalation
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only...
CVE-2018-17955
CVE-2018-17955 affects yast2-multipath prior to version 4.1.1. The vulnerability arises from a static temporary filename that allows local attackers to overwrite files on systems without symlink protection. Impact is described as local complete/partial integrity on affected files with potential a...
openSUSE Security Update : supportutils (openSUSE-2019-293)
This update for supportutils fixes the following issues. Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code...
UBUNTU-CVE-2014-2277
The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function...
UBUNTU-CVE-2016-10345
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
Thinksns 2.8 file upload exploit exp-vulnerability warning-the black bar safety net
Vulnerable version: the latest 2.8 stable version. Other versions not tested. Vulnerable file: thumb.php. Author: Wei kunpeng. 1. Prepare the following PHP file and upload it to the server yourself. File content as follows: ? php echo “...
OpenVAS Scanner Symlink Attack Local Privilege Escalation Vulnerability
This host is installed with OpenVAS Scanner and is prone to privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbopenvasscannerprevesclvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ OpenVAS Scanner Symlink Attack Local Privilege Escalation Vulnerability Authors: Antu Sanadi...
OpenVAS Scanner Symlink Attack Local Privilege Escalation Vulnerability
OpenVAS Scanner is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression...
CVE-2008-2266
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression...
[BUGZILLA] Security advisory for Bugzilla < 2.16.11
Bugzilla Security Advisory, December 27, 2005. Summary: Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers an insecure temporary filename handling issue in...