279 matches found
SUSE CVE-2018-18398
Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method...
SUSE CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...
SUSE CVE-2021-31154
pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack...
SUSE CVE-2021-36983
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock...
SUSE CVE-2022-29187
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when...
Command injection
An issue in ASKEY router RTF3505VW-N1 BRSVg000R3505VMN1001s327 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80...
ASKEY RTF3505VW-N1 Privilege Escalation Vulnerability
Exploit Title: ASKEY RTF3505VW-N1 - Privilege escalation Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.askey.com Platform: ASKEY router devices RTF3505VW-N1 Tested on: Firmware BRSVg000R3505VMN1001s327 Vulnerability analysis:...
PT-2023-7452 · Zyxel · Zyxel Vpn +1
Name of the Vulnerable Software and Affected Versions: Zyxel USG FLEX series firmware versions 4.50 through 5.35 Zyxel VPN series firmware versions 4.30 through 5.35 Description: A path traversal vulnerability in the account print.cgi CGI program could allow a remote authenticated attacker with...
Creation of Temporary File With Insecure Permissions
Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions. A knowledgeable local user can locate temporary files created when a scheduled file is read. While they are in use, the user will be able to read the schedule being processed by MPXJ...
EulerOS 2.0 SP10 : git (EulerOS-SA-2022-2680)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerab...
DEBIAN-CVE-2022-29187
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when...
The vulnerability in the LDAP Account Manager web application exists due to the lack of measures taken to neutralize special elements. This allows attackers to execute arbitrary code on the host by writing the web interface to the /lam/tmp/ directory.
The vulnerability of the LDAP Account Manager web application exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host by writing it into the web interface’s directory at /lam/tmp/...
CVE-2022-31087
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...
CVE-2022-31087 Incorrect Default Permissions in ldap-account-manager
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...
PT-2022-3281 · Unknown · Ldap Account Manager
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0 Description: The issue allows an attacker to gain code execution on the host by writing a web-shell into the tmp directory, accessible via /lam/tmp/. This directory allows interpretation of .php file...
Incorrect Default Permissions in Apache Commons FileUpload
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
GHSA-42GQ-H7XJ-33R4 Features file injection vulnerability
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
Features file injection vulnerability
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
GHSA-VXF2-7RC3-PXMX Cheetah Path Search Order Hijacking
Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...
Cheetah Path Search Order Hijacking
Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...