KLA10169 WLF vulnerability in Emacs

An unspecified vulnerability was found in GNU Emacs. By exploiting this vulnerability malicious users can overwrite arbitrary tmp files. This vulnerability can be exploited locally via a symlink attack. Original advisories - Related products GNU-Emacs CVE list CVE-2014-3424 warning CVE-2014-3423...

Information disclosure

The IPXPINGCOMMAND in contrib/checkipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping...

CVE-2013-0350

tmpsmtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log...

CVE-2014-2905

fish aka fish-shell 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions...

CVE-2014-2905

CVE-2014-2905 affects fish-shell (fish) versions prior to 2.1.1, where credentials are not properly checked over the universal variable socket (UNIX domain socket at /tmp/fishd.socket.user), enabling local privilege escalation. The root cause is improper validation of credentials when communicati...

CVE-2010-5105

The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103...

CVE-2013-2105

The Show In Browser showinbrowser gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html...

OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)

The unpacker::redirectstdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day]

...................................... / / | | / / / / / | |/ / / / / / / ^ / / / // | / / / / || / ...................................... 0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability 0day Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 -...

CVE-2013-6493

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

Updated perl-Capture-Tiny package fixes security vulnerability

perl-Capture-Tiny before 0.24 used files in /tmp in an insecure manner CVE-2014-1875...

Synology DiskStation Manager 4.3-x < 4.3-3810 Update 1 Multiple Vulnerabilities

According to its version number, the Synology DiskStation Manager installed on the remote host is 4.3-x equal or prior to 4.3-3810. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in the File Station component due to improper validation...

PYSEC-2014-95

Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...

CVE-2014-1624

Race condition in the xdg.BaseDirectory.getruntimedir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...

DEBIAN-CVE-2014-0027

The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...

Information disclosure

The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...

CVE-2014-0027

The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...

CVE-2014-0027

The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...

CVE-2014-0027

The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...