
77 matches found

NVD
added 2018/04/03 10:29 p.m. | 17 views

CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...

7.5 CVSS | 8.2 AI score | 0.02372 EPSS
Exploits: 0 | References: 17

OSV
added 2018/04/03 10:29 p.m. | 1 view

ALPINE-CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...

7.5 CVSS | 7.1 AI score | 0.02372 EPSS
Exploits: 0 | References: 1

OSV
added 2018/04/03 10:29 p.m. | 22 views

CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...

7.5 CVSS | 9.4 AI score | 0.02372 EPSS
Exploits: 0 | References: 17

CVE
added 2018/04/03 10:00 p.m. | 269 views

CVE-2018-6914

CVE-2018-6914 is a directory traversal vulnerability in Ruby’s tmpdir library (Dir.mktmpdir). The flaw allows an attacker to create arbitrary directories or files via a “..” in the prefix argument. Affected Ruby versions: before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, ...

7.5 CVSS | 7 AI score | 0.02372 EPSS
Exploits: 0 | References: 17 | Affected Software: 1

Cvelist
added 2018/04/03 10:00 p.m. | 16 views

CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...

7.1 AI score | 0.02372 EPSS
Exploits: 0 | References: 17

UbuntuCve
added 2018/04/03 12:00 a.m. | 21 views

CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...

7.5 CVSS | 6.8 AI score | 0.02372 EPSS
Exploits: 0 | References: 4

OSV
added 2018/04/03 12:00 a.m. | 0 views

UBUNTU-CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...

7.5 CVSS | 6.8 AI score | 0.02372 EPSS
Exploits: 0 | References: 5

Snyk
added 2018/03/18 2:31 p.m. | 1 view

Directory Traversal

Overview: rubysl-tmpdir is a Ruby standard library for tmpdir. Affected versions of this package are vulnerable to Directory Traversal. The Dir.mktmpdir method introduced by the tmpdir library accepts the prefix and the suffix of the directory which is created as the first parameter. The prefix can contai...

7.5 CVSS | 6.9 AI score | 0.02372 EPSS
Exploits: 0 | References: 2

OSV
added 2018/01/11 10:25 a.m. | 3 views

SUSE-SU-2018:0065-1 Fixing security issues on OBS toolchain

This OBS toolchain update fixes the following issues: Package 'build': - CVE-2017-14804: Improve file name check extractbuild bsc1069904 - Fixed Dockerfile repository parsing Package 'obs-service-sourcevalidator': - CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec...

10 CVSS | 9.1 AI score | 0.01314 EPSS
Exploits: 0 | References: 12

UbuntuCve
added 2017/09/07 2:29 p.m. | 23 views

CVE-2017-9779

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."...

7.8 CVSS | 7.1 AI score | 0.00249 EPSS
Exploits: 0 | References: 2

OSV
added 2016/07/14 8:33 p.m. | 12 views

MGASA-2016-0255 Updated sqlite3 packages fix security vulnerability

It was discovered that sqlite3 would reject a temporary directory (e.g., as specified by the TMPDIR environment variable) to which the executing user did not have read permissions. This could result in information leakage as less secure global temporary directories (e.g., /var/tmp or /tmp) would be...

5.9 CVSS | 6.3 AI score | 0.00092 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2007/12/13 12:00 a.m. | 28 views

SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)

Several bugs were fixed in the Apache2 webserver. These include the following security issues: - mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. CVE-2006-5752 - mod_cache: Prevent a...

6.1 CVSS | 7.1 AI score | 0.27987 EPSS
Exploits: 2 | References: 10

seebug.org
added 2007/03/30 12:00 a.m. | 54 views

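PHP Session.Save_Path() TMPDIR Open_Basedir Restriction Bypass Vulnerability

PHP is a widely used scripting language for web development. PHP's session.save_path has an open_basedir bypass issue; a remote attacker could use this vulnerability in combination with other vulnerabilities to carry out further attacks, such as file inclusion. When an empty session save path is supplied, the file session storage module falls back to the path specified by the TMPDIR environment variable. Unfortunately, this fallback happens after the open_basedir check, so the security check can be bypassed and further attacks carried out. PHP PHP 5.2.1 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP P...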

6.8 AI score
Exploits: 0

exploitpack
added 2007/03/28 12:00 a.m. | 14 views

PHP 5.2.1 - Session.Save_Path() TMPDIR open_basedir Restriction Bypass

PHP 5.2.1 - Session.Save_Path() TMPDIR open_basedir Restriction Bypass. Source: https://www.securityfocus.com/bid/23183/info. PHP is prone to an 'open_basedir' restriction-bypass vulnerability due to a design error. Successful exploits could allow an attacker to access sensitive information or to write...

0.1 AI score
Exploits: 0

Tenable Nessus
added 2004/08/30 12:00 a.m. | 15 views

GLSA-200408-11 : Nessus: 'adduser' race condition vulnerability

The remote host is affected by the vulnerability described in GLSA-200408-11 (Nessus: 'adduser' race condition vulnerability). A race condition can occur in 'nessus-adduser' if the user has not configured their TMPDIR variable. Impact: A malicious user could exploit this bug to escalate privileges ...

3.7 CVSS | 5.6 AI score | 0.00091 EPSS
Exploits: 0 | References: 3

Gentoo Linux
added 2004/08/12 12:00 a.m. | 19 views

Nessus: "adduser" race condition vulnerability

Background: Nessus is a free and powerful network security scanner. Description: A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable. Impact: A malicious user could exploit this bug to escalate privileges to the rights of the user running...

3.7 CVSS | 1.7 AI score | 0.00091 EPSS
Exploits: 0

CERT
added 2004/01/23 12:00 a.m. | 24 views

HP-UX shar utility creates files with predictable names in "/tmp" directory

Overview: The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system. Description: shar is a program commonly available on UNIX systems to create a shell script that wil...

7.2 AI score
Exploits: 0 | References: 1