280 matches found
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
Debian Security Advisory DSA 2649-1 (lighttpd - fixed socket name in world-writable directory)
Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP contr...
OpenFabrics ibutils 1.5.7 /tmp File Clobber
OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability 3/6/2013 Larry W. Cashdollar @larry0 The infiniband diagnostic utiltiy handles files in /tmp insecurely. A malicious user can clobber root owned files with common symlink attacks. http://www.openfabrics.org/downloads/ibutils/ nobody@exdb01...
Oracle Auto Service Request File Clobber
Oracle Auto Service Request /tmp file clobbering vulnerability http://www.oracle.com/us/support/systems/premier/auto-service-request-155415.html http://docs.oracle.com/cd/E1847601/doc.220/e18478/asr.htm I noticed it creates files insecurely in /tmp using time stamps instead of mkstemp. You can...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : inkscape vulnerabilities (USN-1712-1)
It was discoverd that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. CVE-2012-5656 It was discovered that Inkscape...
PT-2013-1518 · Red Hat · Red Hat Enterprise Virtualization Manager
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager RHEV-M versions prior to 3.1 Description: The issue allows local users to gain privileges via a Trojan horse Python module, specifically deployUtil.py or vds bootstrap.py, in the /tmp/ directory when...
Code injection
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/...
CVE-2011-4617
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/...
CVE-2011-3616
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf...
CentOS Update for xen CESA-2009:0003 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
DEBIAN-CVE-2011-2533
The configure script in D-Bus aka DBus 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/...
policycoreutils: insecure temporary directory handling in seunshare
The seunsharemount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux RHEL 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to...
Fedora 14 : policycoreutils-2.0.85-19.fc14 (2011-3043)
This fixes the problem with seunshare causing applications to mistakenly use the /tmp directory in an unsafe manner. CVE-2011-1011 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...
CVE-2010-4337
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/gnash-configure-errors.$$, 2 /tmp/gnash-configure-warnings.$$, or 3 /tmp/gnash-configure-recommended.$$ files...
CVE-2010-4337
Removed by vendor...
CVE-2010-2027
Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on 1 files within /tmp/MathLink/ or 2 /tmp/fonts$$.conf...
Firefox: Predictable /tmp pathname use
Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp locati...
CVE-2010-0424
The editcmd function in crontab.c in 1 cronie before 1.4.4 and 2 Vixie cron vixie-cron allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory...
Insecure Saving Of Downloadable File In Mozilla Firefox (Linux)
This host is installed with Mozilla Firefox and is prone to insecure saving of downloadable file. OpenVAS Vulnerability Test $Id: secpodfirefoxinsecuresavingdownloadfile.nasl 5055 2017-01-20 14:08:39Z teissa $ Insecure Saving Of Downloadable File In Mozilla Firefox Linux Authors: Sharath S...
screenie symbolic links vulnerabilities
Temporary file /tmp/.screenie. is created in insecure way...