1123 matches found
CVE-2010-0424
The editcmd function in crontab.c in 1 cronie before 1.4.4 and 2 Vixie cron vixie-cron allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory...
Phpwind7.5 后台本地包含漏洞
文件:hack\rate\admin.php 源码: ?php !functionexists'readover' && exit'Forbidden'; define "HR", RP . "hack/rate/" ; define "LR", RP . "lib/" ; InitGP array 'ajax' ; $action = strtolower $job ? $job : "admin" ; $filepath = HR . "action/" . $action . "Action.php"; ! fileexists $filepath && exit ; if $jo...
linux/x86 cp /bin/sh /tmp/katy
No description provided by source. / Linux/x86 /bin/cp /bin/sh /tmp/katy ; chmod 4555 /tmp/sh using fork / include stdio.h char shellcode = "\xeb\x5e\x5f\x31\xc0\x88\x47\x07\x88\x47\x0f\x88\x47\x19\x89\x7f" "\x1a\x8d\x77\x08\x89\x77\x1e\x31\xf6\x8d\x77\x10\x89\x77\x22\x89"...
Unrestricted file upload
Unrestricted file upload vulnerability in ofcuploadimage.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when registerglobals is enabled, allows remote authenticated users to...
CVE-2009-4140
CVE-2009-4140 affects Open Flash Chart’s ofc_upload_image.php in Open Flash Chart v2 Beta1 through v2 Lug Wyrm Charmer, used by Piwik 0.2.35–0.4.3 and Woopra Plugin before 1.4.3.2. The issue is an unrestricted file upload when register_globals is enabled, allowing remote authenticated users to up...
CVE-2009-4135
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp...
CVE-2009-4135
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp...
CVE-2009-4135
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp...
CVE-2009-4193
Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file...
Design/Logic Flaw
Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file...
CVE-2009-4193
Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file...
Insecure Saving Of Downloadable File In Mozilla Firefox (Linux)
This host is installed with Mozilla Firefox and is prone to insecure saving of downloadable file. OpenVAS Vulnerability Test $Id: secpodfirefoxinsecuresavingdownloadfile.nasl 5055 2017-01-20 14:08:39Z teissa $ Insecure Saving Of Downloadable File In Mozilla Firefox Linux Authors: Sharath S...
CVE-2009-3274
CVE-2009-3274 affects Mozilla Firefox on Linux. The vulnerability arises because the Downloads window selects files using a predictable "/tmp" pathname, allowing a local attacker to replace an arbitrary downloaded file by pre-placing a file in /tmp before the download occurs (related to the Downl...
screenie symbolic links vulnerabilities
Temporary file /tmp/.screenie. is created in insecure way...
rgmanager: multiple insecure temporary file use issues
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager aka rgmanager before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on...
openSUSE Security Update : sblim-sfcb (sblim-sfcb-505)
A tmp file race condition in the genSslCerts.sh helper script could be used by local attackers to gain root privileges. CVE-2009-0416 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : valgrind (valgrind-321)
valgrind reads a file .valgrindrc in the current directory. Therefore local users could place such a file a world-writable directory such as /tmp and influence other users' valgrind when it's executed there CVE-2008-4865. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
PulseAudio (setuid) Priv. Escalation Exploit (ubu/9.04)(slack/12.2.0)
No description provided by source. PulseAudio setuid Local Privilege Escalation Vulnerability http://www.securityfocus.com/bid/35721 Credit for discovery of bug: Tavis Ormandy, Julien Tinnes and Yorick Koster -- Put files in /tmp/pulseaudio-exp or change config.h. Must be on same fs as the...
Solaris Update for bsmunconv overwrites root cron tab if cu created /tmp/root 111069-01
Check for the Version of bsmunconv overwrites root cron tab if cu created /tmp/root OpenVAS Vulnerability Test Solaris Update for bsmunconv overwrites root cron tab if cu created /tmp/root 111069-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Linux Kernel 2.6 UDEV < 141 Local Privilege Escalation Exploit
No description provided by source. / cve-2009-1185.c udev 141 Local Privilege Escalation Exploit Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 udev before 1.4.1 does not verify whether a NETLINK message originates...