1109 matches found
CVE-2014-2312
The main function in androidmain.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid...
PT-2018-4199 · Intel +1 · Thermal +1
Name of the Vulnerable Software and Affected Versions: thermald affected versions not specified Description: The issue allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid, potentially leading to unauthorized data modification. This is due to a flaw in the main...
CVE-2018-5731
An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the...
CVE-2017-18196
Leptonica 1.74.4 constructs unintended pathnames containing duplicated path components when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as...
CVE-2018-7441
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...
Race condition
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...
CVE-2017-18196
Leptonica 1.74.4 constructs unintended pathnames containing duplicated path components when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as...
Design/Logic Flaw
Leptonica 1.74.4 constructs unintended pathnames containing duplicated path components when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as...
CVE-2018-7441
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...
CVE-2017-18196
Leptonica 1.74.4 constructs unintended pathnames containing duplicated path components when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as...
CVE-2018-7441
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...
CVE-2018-7441
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...
PT-2018-18074 · Dan Bloomberg +1 · Leptonica +1
Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4 Description: The issue allows local users to potentially overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, due to the use of hardcoded /tmp...
Code injection
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on 1 /tmp/fishd.log.%s, 2 /tmp/.pac-cache.$USER, 3 /tmp/.yum-cache.$USER, or 4 /tmp/.rpm-cache.$USER...
DEBIAN-CVE-2014-3219
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on 1 /tmp/fishd.log.%s, 2 /tmp/.pac-cache.$USER, 3 /tmp/.yum-cache.$USER, or 4 /tmp/.rpm-cache.$USER...
Linux/x86 - fork() + setreuid(0, 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126
/ linux/x86 shamelessly ripped from one of my unpublished exploits / / fork's, does setreuid0, 0; then execve's: /bin/sh -c "cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh" hence dropping a SUID root shell in /tmp. / char shellc = / Shellcode to drop a SUID root shell in /tmp/sh. Forgive the Intel syntax...
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-867.php ; Author: SLAE64-1351 Keyman ; Date: 14/09/2014 ; ; Length: 105 bytes got shorter by 13 bytes ; ; What's new is that some...
CVE-2014-5509
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$...
Design/Logic Flaw
1 oo-analytics-export and 2 oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...
CVE-2014-5509
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$...