securely software vulnerabilities
vulnerabilities.aspcode.net
Searching securely software vulnerabilities
The installation of J-Pilot creates the .jpilot
installation
|
information
|
directory
|
attackers
|
securely
|
J-Pilot
|
creates
|
backup
|
PalmOS
|
user's
|
jpilot
|
users'
|
umasks
|
their
|
could
|
which
|
umask
|
allow
|
other
|
local
|
read
|
set
|
not
|
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
Linux CUPS before 1.1.6 does not securely handl
before
|
Linux
|
CUPS
|
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
The Sendmail 8.12.3 package in Debian GNU/Linux
Sendmail
|
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
vdr before 1.2.6 does not securely create files
before
|
vdr
|
vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files.
LSCFG in IBM AIX 5.2 and 5.3 does not create te
/etc/passwd
|
temporary
|
securely
|
possibly
|
corrupt
|
system
|
allows
|
create
|
trace
|
users
|
other
|
LSCFG
|
which
|
files
|
local
|
file
|
does
|
not
|
via
|
IBM
|
AIX
|
LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.
crawl before 4.0.0 does not securely call progr
before
|
crawl
|
crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges.
The Apple Type Services (ATS) server in Mac OS
Services
|
Apple
|
Type
|
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.
The gencert.sh script, when installing OpenLDAP
directories
|
installing
|
arbitrary
|
overwrite
|
gencertsh
|
temporary
|
securely
|
2130-r10
|
OpenLDAP
|
2330-r2
|
2228-r7
|
symlink
|
attack
|
allows
|
emerge
|
during
|
ebuild
|
Gentoo
|
script
|
before
|
create
|
local
|
users
|
files
|
Linux
|
which
|
does
|
/tmp
|
not
|
via
|
23x
|
22x
|
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.
lharc.c in lha does not securely create tempora
temporary
|
creating
|
securely
|
invoked
|
lharcc
|
create
|
before
|
local
|
users
|
write
|
allow
|
files
|
which
|
might
|
file
|
does
|
read
|
lha
|
not
|
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
Software vulnerabilities results 1 to 10 of 10
Page:
1