Command injection

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcoreenableshellaccess and executing the "shell" command...

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

Fedora 20 : ctdb-2.5.4-2.fc20 (2014-16742)

Updated to a ctdb version which does not use /tmp anymore. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Design/Logic Flaw

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by...

Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory — Mozilla

Security researcher Kent Howard reported an Apple issue present in OS X 10.10 Yosemite where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In versions of OS X fr...

CVE-2014-8991

pip 1.3 through 1.5.6 allows local users to cause a denial of service prevention of package installation by creating a /tmp/pip-build- file for another user...

Code injection

pip 1.3 through 1.5.6 allows local users to cause a denial of service prevention of package installation by creating a /tmp/pip-build- file for another user...

CVE-2014-8991

pip 1.3 through 1.5.6 allows local users to cause a denial of service prevention of package installation by creating a /tmp/pip-build- file for another user...

Updated hawtjni packages fix security vulnerability

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJ...

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

Input validation

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

CVE-2014-5449

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...

Design/Logic Flaw

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...

CVE-2014-5449

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...

CVE-2014-5449

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...

CVE-2014-4386

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access...

CVE-2014-4386

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access...

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode 105 bytes. Shellcode exploit for Linuxx86-64 platform ; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-867.php ; Author:...