Lucene search
K

280 matches found

Prion
Prion
added 2018/09/11 2:29 p.m.18 views

Input validation

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations...

4.6CVSS7.3AI score0.00303EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2018/07/23 7:50 p.m.26 views

Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink

There is a /tmp file race condition in chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 when creating /tmp/perlbrew-installer. If a malicious local user creates the file first they can overwrite the contents with their own code executing it as the ciborg...

5.5CVSS5.5AI score0.00379EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2018/07/20 5:0 p.m.36 views

CVE-2014-4150

The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp...

5.5CVSS5.3AI score0.00463EPSS
Exploits0
NVD
NVD
added 2018/06/04 7:29 p.m.21 views

CVE-2017-16024

The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

6.5CVSS6.3AI score0.02557EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.30 views

CVE-2017-16024

The sync-exec module is used to simulate childprocess.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

6.2AI score0.02557EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/05/03 12:0 a.m.8 views

PT-2018-2613 · Dasan · Dasan Gpon Routers

Name of the Vulnerable Software and Affected Versions: Dasan GPON Routers affected versions not specified Description: An issue was discovered on Dasan GPON home routers where Command Injection can occur via the dest host parameter in a "diag action=ping" request to a "GponForm/diag Form" URI. Th...

10CVSS10AI score0.99948EPSS
Exploits7References19
NVD
NVD
added 2018/04/13 4:29 p.m.25 views

CVE-2017-0367

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure...

8.8CVSS8.7AI score0.01862EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/04/13 4:0 p.m.37 views

CVE-2017-0367

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure...

8.8CVSS8.7AI score0.01862EPSS
Exploits0
OSV
OSV
added 2018/02/23 9:29 p.m.23 views

CVE-2017-18196

Leptonica 1.74.4 constructs unintended pathnames containing duplicated path components when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as...

3.3CVSS4.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2018/02/23 12:0 a.m.3 views

PT-2018-18074 · Dan Bloomberg +1 · Leptonica +1

Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4 Description: The issue allows local users to potentially overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, due to the use of hardcoded /tmp...

9.8CVSS6.8AI score0.03739EPSS
Exploits3References32
Prion
Prion
added 2018/02/09 10:29 p.m.12 views

Code injection

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on 1 /tmp/fishd.log.%s, 2 /tmp/.pac-cache.$USER, 3 /tmp/.yum-cache.$USER, or 4 /tmp/.rpm-cache.$USER...

4.3CVSS6.7AI score0.0044EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2017/11/15 4:29 p.m.22 views

CVE-2017-15288

The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges...

7.8CVSS6.8AI score
Exploits0References19
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.26 views

Phusion Passenger Denial of Service

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service prevent application start or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem...

4.6CVSS6.1AI score0.004EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2017/07/25 6:0 p.m.24 views

CVE-2015-3171

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...

5.1AI score0.00342EPSS
Exploits0References2
myhack58
myhack58
added 2017/05/25 12:0 a.m.971 views

Samba remote code execution vulnerability(CVE-2017-7494)analysis-vulnerability warning-the black bar safety net

Author: cyg07 && redrain Overview 2017 5 May 24, Samba released a 4. 6. 4 version, in the middle fix a serious remote code execution vulnerability, the vulnerability number CVE-2017-7494, the vulnerability affects Samba 3.5.0 and including 4. 6. 4/4. 5. 10/4. 4. 14 the intermediate version. 360...

3.2AI score0.99448EPSS
Exploits24
RedHat Linux
RedHat Linux
added 2017/03/23 5:18 a.m.7 views

glusterfs: glusterfs-server %pretrans rpm script temporary file issue

It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package...

7.8CVSS5.7AI score0.00457EPSS
Exploits0References4
CNVD
CNVD
added 2016/09/05 12:0 a.m.4 views

Malware Information Sharing Platform Insecure Temporary File Creation Vulnerability

The Malware Information Sharing Platform MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and analyzing cybersecurity events and malware. A security vulnerability exists in the app/Controller/TemplatesController.php file in MISP...

10CVSS6.5AI score0.02268EPSS
Exploits0References1
seebug.org
seebug.org
added 2016/08/24 12:0 a.m.14 views

TOPSEC Firewalls - Remote Code Execution (ELIGIBLECANDIDATE)

Cookie: sessionid=command To this URL to send the POST package if the included file is saved in the/tmp directory a file named cgixxxxxx Behind the characters randomly So you can put sh script to write to the firewall of the tmp directory together with Execute permissions after execution...

6.9AI score
Exploits0
Prion
Prion
added 2016/01/02 5:59 a.m.9 views

Code injection

consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value...

6.2CVSS6.8AI score0.0042EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2015/11/23 12:0 a.m.4 views

PT-2015-6825 · Red Hat +1 · Abrt +2

Name of the Vulnerable Software and Affected Versions: ABRT versions prior to 2.7.1 Description: The issue allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. This is related to the...

6.9CVSS5.9AI score0.03268EPSS
Exploits18References28
Rows per page
Query Builder