|
317441
|
5.5 |
MEDIUM
Local
|
hp
|
hp-ux
|
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messa…
|
CWE-59
Link Following
|
CVE-2000-0972
|
2024-01-27 01:56 |
2000-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317442
|
5.5 |
MEDIUM
Local
|
perl
|
perl
|
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
|
CWE-59
Link Following
|
CVE-1999-1386
|
2024-01-27 01:54 |
1999-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317443
|
5.5 |
MEDIUM
Local
|
freebsd
|
freebsd
|
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
|
CWE-59
Link Following
|
CVE-1999-0783
|
2024-01-27 01:54 |
1998-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317444
|
- |
|
nextweb
|
nextweb_\(i\)site
|
NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.md…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2005-1835
|
2024-01-26 06:50 |
2005-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317445
|
7.5 |
HIGH
Network
|
kde
debian
|
kde
debian_linux
|
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2005-1920
|
2024-01-26 06:11 |
2005-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317446
|
- |
|
baalsystems
|
baal_smart_forms
|
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2004-2144
|
2024-01-26 06:11 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317447
|
- |
|
phpmyfaq
|
phpmyfaq
|
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2004-2257
|
2024-01-26 06:11 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317448
|
7.5 |
HIGH
Network
|
sun
|
solaris_pc_netlink
|
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or rem…
|
CWE-59
CWE-281
Link Following
Improper Preservation of Permissions
|
CVE-2002-2323
|
2024-01-26 06:11 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317449
|
7.5 |
HIGH
Network
|
microsoft
|
windows_2000
|
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less r…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2001-1515
|
2024-01-26 06:11 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317450
|
7.8 |
HIGH
Local
|
debian
|
debian_linux
|
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2001-0195
|
2024-01-26 06:11 |
2001-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
