280 matches found
Input validation
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations...
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
There is a /tmp file race condition in chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 when creating /tmp/perlbrew-installer. If a malicious local user creates the file first they can overwrite the contents with their own code executing it as the ciborg...
CVE-2014-4150
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp...
CVE-2017-16024
The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...
CVE-2017-16024
The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...
PT-2018-2613 · Dasan · Dasan Gpon Routers
Name of the Vulnerable Software and Affected Versions: Dasan GPON Routers affected versions not specified Description: An issue was discovered on Dasan GPON home routers where Command Injection can occur via the dest host parameter in a "diag action=ping" request to a "GponForm/diag Form" URI. Th...
CVE-2017-0367
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure...
CVE-2017-0367
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure...
CVE-2017-18196
Leptonica 1.74.4 constructs unintended pathnames containing duplicated path components when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as...
PT-2018-18074 · Dan Bloomberg +1 · Leptonica +1
Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4 Description: The issue allows local users to potentially overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, due to the use of hardcoded /tmp...
Code injection
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on 1 /tmp/fishd.log.%s, 2 /tmp/.pac-cache.$USER, 3 /tmp/.yum-cache.$USER, or 4 /tmp/.rpm-cache.$USER...
CVE-2017-15288
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...
Phusion Passenger Denial of Service
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service prevent application start or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem...
CVE-2015-3171
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...
Samba remote code execution vulnerability(CVE-2017-7494)analysis-vulnerability warning-the black bar safety net
Author: cyg07 && redrain Overview 2017 5 May 24, Samba released a 4. 6. 4 version, in the middle fix a serious remote code execution vulnerability, the vulnerability number CVE-2017-7494, the vulnerability affects Samba 3.5.0 and including 4. 6. 4/4. 5. 10/4. 4. 14 the intermediate version. 360...
glusterfs: glusterfs-server %pretrans rpm script temporary file issue
It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package...
Malware Information Sharing Platform Insecure Temporary File Creation Vulnerability
The Malware Information Sharing Platform MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and analyzing cybersecurity events and malware. A security vulnerability exists in the app/Controller/TemplatesController.php file in MISP...
TOPSEC Firewalls - Remote Code Execution (ELIGIBLECANDIDATE)
Cookie: sessionid=command To this URL to send the POST package if the included file is saved in the/tmp directory a file named cgixxxxxx Behind the characters randomly So you can put sh script to write to the firewall of the tmp directory together with Execute permissions after execution...
Code injection
consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value...
PT-2015-6825 · Red Hat +1 · Abrt +2
Name of the Vulnerable Software and Affected Versions: ABRT versions prior to 2.7.1 Description: The issue allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. This is related to the...