3 results (0.009 seconds)

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file. Los ficheros de comandos (1) ncsarmt y (2) ncsawrap en xmcd v2.6 permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlaces simbólicos al fichero temporal /tmp/Mosaic.*pid. • http://bugs.debian.org/496416 http://dev.gentoo.org/~rbu/security/debiantemp/xmcd http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.securityfocus.com/bid/32288 https://bugs.gentoo.org/show_bug.cgi?id=235770 https://exchange.xforce.ibmcloud.com/vulnerabilities/46550 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366816 http://secunia.com/advisories/20078 http://www.debian.org/security/2006/dsa-1086 https://exchange.xforce.ibmcloud.com/vulnerabilities/26452 •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack. • http://www.kb.cert.org/vuls/id/105347 http://www.novell.com/linux/security/advisories/2001_025_xmcd_txt.html http://www.securityfocus.com/bid/3148 https://exchange.xforce.ibmcloud.com/vulnerabilities/6941 •