Lucene search
K

59 matches found

RedHat Linux
RedHat Linux
added 2022/03/10 4:37 p.m.7 views

Mozilla: Temporary files downloaded to /tmp and accessible by other local users

The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior...

6.5CVSS7.3AI score0.0068EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/03/10 3:29 p.m.3 views

Mozilla: Temporary files downloaded to /tmp and accessible by other local users

The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior...

6.5CVSS7.3AI score0.0068EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/03/10 3:22 p.m.7 views

Mozilla: Temporary files downloaded to /tmp and accessible by other local users

The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior...

6.5CVSS7.3AI score0.0068EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/03/10 3:18 p.m.3 views

Mozilla: Temporary files downloaded to /tmp and accessible by other local users

The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior...

6.5CVSS7.3AI score0.0068EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/03/10 3:9 p.m.5 views

Mozilla: Temporary files downloaded to /tmp and accessible by other local users

The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior...

6.5CVSS7.3AI score0.0068EPSS
Exploits1References6
NVD
NVD
added 2020/12/17 5:15 a.m.12 views

CVE-2020-27199

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for...

7.5CVSS7.9AI score0.02875EPSS
Exploits4References1
Hacker One
Hacker One
added 2019/08/14 3:46 p.m.31 views

Nextcloud: Circle email-members have still access to a shared folder/file after they are removed from the circle

If a email-address is added to a circle, the email user has still access after the email-address is removed from the circle. Requirements ------- circles app and share by mail app enabled Steps to reproduce ------------- 1. add an email address to a circle 2. share a folder/file with the circle 3...

4CVSS1.2AI score0.00831EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/07/18 6:28 p.m.29 views

Unsafe deserialization in confire

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS9.4AI score0.04435EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2017/11/10 9:29 a.m.21 views

CVE-2017-16763

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

9.8CVSS9.8AI score0.04435EPSS
Exploits1References3
Prion
Prion
added 2017/11/10 9:29 a.m.16 views

Input validation

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

7.5CVSS9.8AI score0.04435EPSS
Exploits1References3Affected Software1
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.62 views

CollabNet Subversion Edge missing brute force protection

Vuln Title: The CollabNet Subversion Edge does not protect against brute forcing accounts Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medium Status:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.63 views

Two Instagram Android App Security Vulnerabilities

Affected app: Instagram for Android Affected versions: 4.0.2 and 4.1.2, probably also earlier versions as well as iOS affected. Summary After the Instagram iOS vulnerability discovered last year 1, the app's HTTP API has been extended with a cryptographic authentication for changes like "likes" a...

Exploits0
Atlassian
Atlassian
added 2012/05/07 7:0 a.m.19 views

Javascript escape the value of "dark features" within the javascript context they are rendered out in

Current user specific dark feature values are not javascript escaped in the javascript context they exist in. e.g. the value "' + evalalert1 ' +" without the double quotes appears like the following in the feature javascript context: / Dark features are features that can enabled and disabled per...

1.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/07 7:0 a.m.24 views

Javascript escape the value of "dark features" within the javascript context they are rendered out in

Current user specific dark feature values are not javascript escaped in the javascript context they exist in. e.g. the value "' + evalalert1 ' +" without the double quotes appears like the following in the feature javascript context: / Dark features are features that can enabled and disabled per...

1.3AI score
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2012/03/12 12:0 a.m.19 views

Debian: Security Advisory (DSA-2411-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1CVSS6.5AI score0.00384EPSS
Exploits0References3
OSV
OSV
added 2012/02/19 12:0 a.m.14 views

DSA-2411-1 mumble - information disclosure

Bulletin has no description...

2.1CVSS6.3AI score0.00384EPSS
Exploits0
OpenVAS
OpenVAS
added 2009/03/06 12:0 a.m.19 views

RedHat Update for vsftpd RHSA-2008:0295-01

Check for the Version of vsftpd OpenVAS Vulnerability Test RedHat Update for vsftpd RHSA-2008:0295-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

7.1CVSS0.1AI score0.12061EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2008/10/31 12:0 a.m.31 views

alink-xsrfxss.xt

Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg [email protected] Device: A-Link WL54AP3 and WL54AP...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/10/31 12:0 a.m.55 views

A-Link WL54AP3 / WL54AP2 - Cross-Site Request Forgery / Cross-Site Scripting

Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg [email protected] Device: A-Link WL54AP3 and WL54AP...

7.4AI score
Exploits0
Rows per page
Query Builder