280 matches found
CVE-2020-11960
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in cupload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS...
CVE-2020-10685
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchiv...
Unspecified Vulnerability in GitLab (CNVD-2020-25736)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
PT-2020-6579
Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.17 and prior Ansible Engine versions 2.8.9 and prior Ansible Engine versions 2.9.6 and prior Description The issue is related to a race condition flaw in Ansible Engine when running a playbook with an unprivileged...
CVE-2013-4318
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
Design/Logic Flaw
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
CVE-2013-4318
CVE-2013-4318 affects the Ruby Gems Features package (Ruby Features 0.3.0). The issue is a file handling flaw where input submitted to /tmp/out.html is not properly validated, enabling a local cross-site scripting (XSS) attack. Some sources describe the risk as a local XSS, while others reference...
CVE-2013-4318
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...
CVE-2014-6311
generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...
UBUNTU-CVE-2014-6311
generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...
Code injection
generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...
CVE-2014-6311
generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...
CVE-2014-6311
The CVE-2014-6311 entry describes a privilege-escalation flaw in ace prior to 6.2.7+dfsg-2 where generate_doygen.pl creates predictable file names in /tmp. The documented impact is elevated privileges for attackers who can leverage these predictable names. Affected component: ace (script generate...
CVE-2014-6311
generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...
CVE-2013-7171
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges...
CVE-2013-7171
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges...
CVE-2013-7171
Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges...
CVE-2008-5703
gpsdrive aka gpsdrive-scripts 2.10pre4 allows local users to overwrite arbitrary files via a symlink attack on the a /tmp/.smswatch or b /tmp/gpsdrivepos temporary file, related to 1 examples/gpssmswatch and 2 src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380...
CVE-2016-10799
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation SEC-137...