Lucene search
+L

607 matches found

Cvelist
Cvelist
added 2008/11/17 11:0 p.m.26 views

CVE-2008-4832

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under 1 /var/lock or 2 /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require ...

6.1AI score0.00282EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/10/21 2:52 p.m.7 views

ruby: multiple insufficient safe mode restrictions

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...

7.5CVSS7.2AI score0.14085EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2008/08/08 12:0 a.m.39 views

ruby -- multiple vulnerabilities in safe level

The official ruby site reports: Several vulnerabilities in safe level have been discovereds:. untracevar is permitted at safe level 4; $PROGRAMNAME may be modified at safe level 4; insecure methods may be called at safe level 1-3; syslog operations are permitted at safe level 4; dl doesn't check...

7.5CVSS7AI score0.14085EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2008/06/24 9:19 a.m.6 views

sblim: libraries built with insecure RPATH

Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability sblim libraries before 1-13a.el46.1 in Red Hat Enterprise Linux RHEL 4, and before 1-31.el52.1 in RHEL 5, allows local users to gain privileges via a malicious library...

4.6CVSS5.8AI score0.00378EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2008/05/27 12:0 a.m.29 views

revokebbrc11-sql.txt

!/usr/bin/python """ ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / ================================================================================================= This is a public Exploit...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2008/05/20 2:28 p.m.7 views

dovecot: insecure mail_extra_groups option

Dovecot before 1.0.11, when configured to use mailextragroups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack...

4.4CVSS5.8AI score0.00341EPSS
Exploits0References4
seebug.org
seebug.org
added 2008/03/25 12:0 a.m.20 views

TopperMod 1.0 (mod.php) Local File Inclusion Vulnerability

No description provided by source. Author: GiReX mySite: girex.altervista.org CMS: TopperMod v1.0 Site: rtcw.ch/mio/index.php Bug: Local File Inclusion File: mod.php Var : $to Bug explanation - Vuln Code: if isset$GET'mod' $mod = stripslashes$GET'mod'; else header"location index.php"; Die; if...

7.1AI score
Exploits0
OSV
OSV
added 2008/03/06 9:44 p.m.3 views

DEBIAN-CVE-2008-1199

Dovecot before 1.0.11, when configured to use mailextragroups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack...

4.4CVSS6.5AI score0.00341EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/02/06 12:0 a.m.10 views

SuSE 10 Security Update : Geronimo (ZYPP Patch Number 4967)

A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

5.5AI score
Exploits0
Cvelist
Cvelist
added 2007/10/31 4:0 p.m.15 views

CVE-2002-2382

cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out...

6.6AI score0.00311EPSS
Exploits0References3
Prion
Prion
added 2007/10/28 5:8 p.m.17 views

Authentication flaw

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging...

4.9CVSS6.6AI score0.00942EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2007/10/28 4:0 p.m.40 views

CVE-2007-5686

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging...

4.9CVSS3.9AI score0.00942EPSS
Exploits0
Cvelist
Cvelist
added 2007/10/19 10:0 a.m.24 views

CVE-2003-1386

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file...

6.2AI score0.07711EPSS
Exploits0References5
securityvulns
securityvulns
added 2007/10/12 12:0 a.m.31 views

rPSA-2007-0214-1 initscripts

rPath Security Advisory: 2007-0214-1 Published: 2007-10-11 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Information Exposure Updated Versions: initscripts=conary.rpath.com@rpl:1/8.12-8.10-1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-1825...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2007/10/12 12:0 a.m.24 views

Linux initscripts weak permissions

Weak permissions for /var/log/btmp files cause information leak about unsuccessful logon attempt...

1.3AI score
Exploits0References1
Prion
Prion
added 2007/09/24 10:17 p.m.16 views

Improper access control

Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...

5CVSS6.9AI score0.06243EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/09/24 10:0 p.m.29 views

CVE-2007-5063

Adam Scheinberg Flip 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing login credentials via a direct request for var/users.txt...

6.4AI score0.06243EPSS
Exploits0References3
NVD
NVD
added 2007/09/21 7:17 p.m.23 views

CVE-2007-5028

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors...

7.5CVSS6.5AI score0.01399EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2007/09/21 7:17 p.m.35 views

CVE-2007-5028

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors...

7.5CVSS5.9AI score0.01399EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2007/09/21 6:0 p.m.53 views

CVE-2007-5028

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors...

7.5CVSS6.3AI score0.01399EPSS
Exploits0
Rows per page
Query Builder