Some issues have not been assigned CVE names, but are still tracked by this database. In this case, the system automatically assigns a unique name. These names are not stable and can change when the database is updated, so they should not be used in external references.
The automatically generated names come in two flavors:

- The first kind starts with the string "TEMP-000000-". This means that no Debian bug has been assigned to this issue (or a bug has been created and is not recorded in this database).
- In the second kind of names, there is a Debian bug for the issue, and the "000000" part of the name is replaced with the Debian bug number.

| Bug | Description |
|---|---|
| TEMP-0000000-00657F | pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem |
| TEMP-0000000-0132B8 | too lenient UTF-8 decoder in kjs/function.cpp |
| TEMP-0000000-01E656 | Possible SQL injection in freeradius |
| TEMP-0000000-02F7AB | file descriptor leak when a Compose file uses the "include" directive |
| TEMP-0000000-050E10 | mailutils: sql injection vulnerability in sql authentication module |
| TEMP-0000000-071608 | shibboleth Single TransientID Mapped to Multiple Principals |
| TEMP-0000000-07A77D | php-gettext XSS |
| TEMP-0000000-09234C | insecure usage of temporary files in flash-kernel |
| TEMP-0000000-095B48 | Connection related DoS possibility in OmniORB 4 |
| TEMP-0000000-0999A8 | syslog-ng dos |
| TEMP-0000000-099EAC | werkzeug hashes its secret instead of using hmac |
| TEMP-0000000-0CA7E3 | XSS in press-this of wordpress |
| TEMP-0000000-106DD8 | linux-ftpd: null ptr dereference |
| TEMP-0000000-16E7F9 | Some security issues in mod_security |
| TEMP-0000000-196897 | htmlpurifier various |
| TEMP-0000000-19ACB2 | piwigo |
| TEMP-0000000-1A4150 | archivemail insecure temporary file issues |
| TEMP-0000000-1BD96B | Several buffer overflows in termpkg |
| TEMP-0000000-1EF219 | heap-based buffer overflow in git-blame with long file names |
| TEMP-0000000-212AE3 | Unspecified security issue in ipsec-tool's single DES support |
| TEMP-0000000-226F20 | Insecure temp file usage in thttpd's syslogtocern |
| TEMP-0000000-269968 | X launcher doesn't drop group privileges |
| TEMP-0000000-271E1A | vpnc: config file path security hole |
| TEMP-0000000-2A2487 | radare-common insecure temp files handling |
| TEMP-0000000-2A36A7 | remote DoS when case of the characters of a nickname is modified |
| TEMP-0000000-2C7EFD | incorrect handling of {$smarty.template} and {$smarty.current_dir} |
| TEMP-0000000-2D8F93 | isc-dhcp: omapi dos |
| TEMP-0000000-2EA6C5 | NULL dereferences, similar to Adobe's CVE-2009-0658 |
| TEMP-0000000-3336BA | htdig: several unspecified security problems |
| TEMP-0000000-34EBC9 | rubygems: integrity violation |
| TEMP-0000000-376228 | webcam-server unspecified vulnerability |
| TEMP-0000000-3934DC | xmail insecure temp files handling |
| TEMP-0000000-39D7FD | cyrus-imapd allows user probes |
| TEMP-0000000-3A9B70 | several possible mysql 5.0 local DoS vulnerabilities |
| TEMP-0000000-3B586F | directory traversal |
| TEMP-0000000-3C6C99 | Insufficient filename sanitising in darcsweb |
| TEMP-0000000-3CC163 | nilfs-tools privilege escalation |
| TEMP-0000000-3D82DC | axel URL parser buffer overflow |
| TEMP-0000000-3EB501 | Possible problem with insecure usage of sscanf in obexftp client |
| TEMP-0000000-3F0E00 | tor insufficient authentication on control port |
| TEMP-0000000-3FD01C | insecure filehandling in mysql_upgrade |
| TEMP-0000000-404599 | Multiple security problems in lbreakout2 |
| TEMP-0000000-42228B | spip DoS |
| TEMP-0000000-425714 | argyll unsafe udev rules |
| TEMP-0000000-42BDFB | mimep insecure tempfile usage and insecure calls to LaTeX and dvips |
| TEMP-0000000-43D999 | Insecure temp files in firehol |
| TEMP-0000000-477739 | mailscanner: lock/pid file location symlink attack |
| TEMP-0000000-481246 | libxslt segfault / DoS |
| TEMP-0000000-4AA1B8 | Insecure tempfile handling in openwebmail CGI scripts |
| TEMP-0000000-4C54C0 | atftp DoS |
| TEMP-0000000-4D04B7 | maradns: More frequent rekeying to mitigate possible AES attacks |
| TEMP-0000000-4E21BA | xscreensaver: symlink attack enables local information disclosure |
| TEMP-0000000-506907 | unspecified Drupal SQL injection |
| TEMP-0000000-50D00E | Multiple security problems in Quake 2 |
| TEMP-0000000-516A9E | NTFS driver for FUSE unspecified issue |
| TEMP-0000000-52FF39 | dokuwiki ACL bypass |
| TEMP-0000000-56C871 | Fixes permission check in QueriesController |
| TEMP-0000000-57BF72 | XSS in drupal printing module |
| TEMP-0000000-57F9DB | Firefox Sage Extension Feed Script Insertion Vulnerability |
| TEMP-0000000-5865E4 | imms: Arbitrary command execution through improper filename escaping |
| TEMP-0000000-589A35 | "slowloris" denial-of-service vulnerability in webservers |
| TEMP-0000000-58BE54 | lintian disclosure of file presence |
| TEMP-0000000-598804 | amanda code injection |
| TEMP-0000000-5AF47F | Remote DoS vulnerabilities in postgrey |
| TEMP-0000000-5CAA34 | Unspecified issue in moodle's admin/delete.php |
| TEMP-0000000-62CF51 | Buffer overflow in libotr |
| TEMP-0000000-62D57E | apt-cacher arbitrary command execution |
| TEMP-0000000-6554CD | Variable function calls in Smarty allow bypassing security settings |
| TEMP-0000000-673AE0 | ikiwiki allows web user to edit images and other non-page format files in the wiki |
| TEMP-0000000-6773DE | interchange potential HTTP response splitting vulnerability |
| TEMP-0000000-6B3154 | Various /tmp related security issues in cernlib |
| TEMP-0000000-6BC416 | flaw in NetX that allows arbitrary unsigned apps to set any java property |
| TEMP-0000000-6C56E3 | mantis multiple issues fixed in 1.0.7 |
| TEMP-0000000-6CFAE4 | gallery2 session ID disclosure |
| TEMP-0000000-6D001C | smb4k security issue |
| TEMP-0000000-6DFD48 | Four potentially DoS exploitable deadlocks and leaks in kernel 2.6 |
| TEMP-0000000-6F6CD4 | Insecure mailbox generation in passwd's useradd |
| TEMP-0000000-71A9D4 | Unspecified buffer overflow in Convert::UUlib perl module |
| TEMP-0000000-75B37A | insufficient form variable escaping |
| TEMP-0000000-760107 | rtkit: failure to drop supplemental groups |
| TEMP-0000000-77E129 | mydms SQL injection |
| TEMP-0000000-782E47 | php-net-ping argument injection |
| TEMP-0000000-79CB2C | ampache DoS and CSRF |
| TEMP-0000000-7C1EF6 | SQL injection vulnerabilities in vpopmail prior to 5.4.6 |
| TEMP-0000000-7D3048 | Logging bypassing through SIGHUP in syslog-ng |
| TEMP-0000000-812BAC | phpbb 3.0.7 permissions bypass |
| TEMP-0000000-838979 | Escape href attribute in auto links |
| TEMP-0000000-844C33 | gnutls Adaptive Chosen Ciphertext Attack |
| TEMP-0000000-84AA65 | DoS against clamav through infinite loop in cli_rmdirs |
| TEMP-0000000-854787 | drupal6-mod-tagadelic XSS |
| TEMP-0000000-8648E9 | moinmoin XSS |
| TEMP-0000000-884233 | serveez: buffer overflow in header parser |
| TEMP-0000000-8D4A1C | hostapd dos |
| TEMP-0000000-8DEC77 | Cross-Site-Scripting in Bugzilla |
| TEMP-0000000-8E8C20 | gforge arbitrary code execution through viewFile.php |
| TEMP-0000000-8F74CD | unsafe temporary file in lintian's objdump-info |
| TEMP-0000000-8FB0B7 | XSS in drupal 6 calendar field |
| TEMP-0000000-9164B4 | unspecified steam cache vulnerability |
| TEMP-0000000-94515F | xile buffer overrun in terminal code |
| TEMP-0000000-97BE67 | cherokee 0.5.4 DoS |
| TEMP-0000000-9A49E3 | XSS vulnerability discovered -plugin-globalsearch |
| TEMP-0000000-9AC543 | mono xsp file disclosure |
| TEMP-0000000-9B3182 | schroot may use outdated configuration information |
| TEMP-0000000-9DA06E | openslp: insecure cert validation through openssl api misuse |
| TEMP-0000000-9ED582 | Two DoS conditions in ekg |
| TEMP-0000000-A2D002 | prelude-manager: password world-readable |
| TEMP-0000000-A2EB44 | Insecure tempfile in x-face-el |
| TEMP-0000000-A5538F | libpam-ssh: Improper caching of pwd data with potential security implications |
| TEMP-0000000-A7D1F4 | PHP 5.2.9 curl safe_mode & open_basedir bypass |
| TEMP-0000000-A8955C | KDE Kopete ICQ remote DoS |
| TEMP-0000000-AB5257 | dojo can be used as a redirector |
| TEMP-0000000-AD5F11 | kmd affected by binutils's ELF parser vulnerability |
| TEMP-0000000-AF79F8 | roundup: unspecified issue |
| TEMP-0000000-B138FB | gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions |
| TEMP-0000000-B14A9D | mantis multiple issues |
| TEMP-0000000-B2D490 | moin: hierarchical ACLs security issue |
| TEMP-0000000-B446CF | iodine: DoS against iodined triggerable by authenticated users |
| TEMP-0000000-B4B71F | Fix file indirectory injection |
| TEMP-0000000-B5C878 | backuppc: web frontend installed insecurely by default |
| TEMP-0000000-B8FCF5 | lcrash affected by libbfd integer overflows |
| TEMP-0000000-BA35FE | crash in the certificate verification logic |
| TEMP-0000000-BAC45A | gaim crash when receiving an invalid UPnP response |
| TEMP-0000000-BB4B08 | zend framework multiple issues |
| TEMP-0000000-BBBF43 | Crypto weakness in Tor's handshaking process |
| TEMP-0000000-BC4C2F | nautilus: file preview html script execution |
| TEMP-0000000-BD20F7 | ZF2010-07 |
| TEMP-0000000-C070DD | ntop: access.log permissions |
| TEMP-0000000-C0C622 | gstreamer-ffmpeg unspecified issue related to sps and pps ids |
| TEMP-0000000-C3D012 | multiple missing input sanity checks in KDE |
| TEMP-0000000-C43658 | bugzilla: unauthorized bug modification |
| TEMP-0000000-C46FAD | pam usb wrongly allows authentication without password in ssh sessions |
| TEMP-0000000-CD327C | remctl ACL bypass vulnerability |
| TEMP-0000000-CE781F | flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it. |
| TEMP-0000000-D0A7F0 | ircd-ratbox password disclosure during TLS handshake |
| TEMP-0000000-D61692 | unace unspecified security issue related to uninitialized variable |
| TEMP-0000000-D9D9B0 | lwat sometimes logs passwords in access.log |
| TEMP-0000000-DAA254 | fai tempfile vulnerability |
| TEMP-0000000-DAE756 | clamav: DoS through multiple empty Content-Disposition header lines |
| TEMP-0000000-DEED53 | unrar: opens /tmp/debug_unrar.txt |
| TEMP-0000000-E06059 | backup-manager: make sure password is not written to world-readable files |
| TEMP-0000000-E10713 | Multiple buffer overflows in gtetrinet |
| TEMP-0000000-E3DB33 | Several DoS possibilities of clients against the server in Freeciv |
| TEMP-0000000-E48B73 | rageirc IRC daemon always allows login with empty password |
| TEMP-0000000-E52D56 | Integer overflow in binutils' ELF parsing |
| TEMP-0000000-E9A545 | libetpan NULL deref |
| TEMP-0000000-EA71EF | moodle unspecified security bug in the forum module (discuss.php) |
| TEMP-0000000-EC3A6E | monkey DoS |
| TEMP-0000000-EEC6F6 | kernel: Signedness problems in net/core/filter |
| TEMP-0000000-F350A9 | Directory traversal in unzoo |
| TEMP-0000000-F4C8D1 | ejabberd HTML code injection |
| TEMP-0000000-F53EE4 | 0.1.1+dfsg-1 multiple issues |
| TEMP-0000000-F56399 | webkit info leak |
| TEMP-0000000-F647EF | Missing safemode checks in PHP's _php_image_output functions |
| TEMP-0000000-FB3F88 | webalizer-stonesteps XSS |
| TEMP-0000000-FC3A86 | unspecified multiple Drupal vulnerabilities, likely some overlap with the next temp entry |
| TEMP-0000000-FC713A | pythonpaste web root escape |
| TEMP-0000000-FD294C | mysql 5.0 several DoS vulns |
| TEMP-0000000-FE4944 | libhaml-ruby XSS issue |
| TEMP-0046709-935F97 | Insecure access control on GNU Mach's IO ports |
| TEMP-0105562-0FE13B | crypt++ passes passwords through the command line |
| TEMP-0107374-DF37E7 | gnupg: improper flagging of signatures as being local |
| TEMP-0149799-ABFD7C | sanitizer bypassal through quoted file names |
| TEMP-0169793-0E1404 | libnss-ldap: DoS through truncated DNS queries |
| TEMP-0173238-677015 | Insecure temp files in lilo |
| TEMP-0183047-CE70BA | fuzz: Insecure temp file usage |
| TEMP-0216566-EA84C5 | Insecure bounds checking in mpack's content parser |
| TEMP-0250106-DF1988 | Unspecified buffer overflow in libmng |
| TEMP-0253838-2AD268 | Minor local DoS as libldap |
| TEMP-0254101-876546 | Multiple buffer overflows in isoqlog |
| TEMP-0259987-89C19C | bash-completion: does not properly quote characters |
| TEMP-0264684-94ACC3 | Pavuk Digest Authentication Buffer Overflow |
| TEMP-0267040-058910 | Should include "UNRESTRICTED access to your computer" warning somewhere |
| TEMP-0267098-76A1A1 | Two vulnerabilities in sredird |
| TEMP-0269186-FFE79F | asciijump: /var/games/asciijump world writable |
| TEMP-0276789-AC8537 | Insecure tempfile usage in tleds |
| TEMP-0279163-95DF2E | Barrendero spool world-readable |
| TEMP-0281448-00272A | Format string bug in sysklogd's syslog_tst sources |
| TEMP-0282565-080CCC | phpwiki shares a cookie for all wikis on a host |
| TEMP-0282583-19BE25 | microcode.ctl downloads microcode w/o user confirmation |
| TEMP-0290047-4CE288 | Insecure temp files in linux-wlan-ng |
| TEMP-0290435-0B57B5 | tar's rmt command may have undesired side effects |
| TEMP-0290833-627E93 | Inconsistent escaping of user supplied data in dbauthpgsql.c |
| TEMP-0291452-29156B | gs-esp: Insecure usage of /tmp in source code |
| TEMP-0291613-A6DD69 | xshisen follows symlinks for shared gid games files |
| TEMP-0296112-517ED6 | libnet-ssleay-perl: /tmp/entropy insecure |
| TEMP-0298114-36C546 | nvi: init.d recover file security bugs |
| TEMP-0298929-838146 | Multiple security issues when using distcc without ssh auth |
| TEMP-0300560-C9B661 | downloads.ini writable by group users, world-readable |
| TEMP-0302454-1EA4A5 | trackballs: Follows symlinks as gid games |
| TEMP-0302790-27DC0A | hdup improperly preserves permissions on directories |
| TEMP-0303991-0B8885 | Does not do escaping in mysql version - both a worrying flaw and stops adduser working |
| TEMP-0306076-4B7D89 | coreutils ignores umask when using -m in mkdir, mkfifo and mknod |
| TEMP-0307796-A364A7 | Missing input validation in xtradius |
| TEMP-0308737-BABD6A | Heap overflow in libosip URI parsing |
| TEMP-0308783-360D88 | libxpm4: new s_popen() function is insecure garbage |
| TEMP-0311369-BF4422 | osh buffer overflow |
| TEMP-0313081-3428D4 | DoS triggering endless loops in findutils -follow option |
| TEMP-0313644-9251C3 | mkzopeinstance.py creates world-readable inituser file |
| TEMP-0317703-B6E618 | xsupplicant information leak |
| TEMP-0319489-1E8D79 | Buffer overflow in Description parsing |
| TEMP-0319661-CF4E1E | xemeraldia games file overwrite |
| TEMP-0319686-D21D67 | xgalaga score file segfault |
| TEMP-0320150-40E143 | Integer overflow in ffmpeg's MPEG encoding |
| TEMP-0321446-AF9008 | clamav-getfile: Insecure use of temporary files |
| TEMP-0321447-C22A86 | Insecure usage of temporary files in x11perfcomp and other security issues |
| TEMP-0321470-3DB8C5 | wine: Unsafe use of temporary files in winelauncher |
| TEMP-0321473-A78C3D | DoS to users to prevent usage of showpartial through _hard_ links |
| TEMP-0321566-40512D | fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script |
| TEMP-0321567-329716 | bugzilla: Maintainer's postinst script use temporary files in an unsafe way |
| TEMP-0322699-57F099 | fprobe-ng: Insecure default hash |
| TEMP-0324913-425151 | cplay - still unsafe temporary file handling vulnerable to symlink attacks |
| TEMP-0325080-6D2C4F | user password file created by gajim is world-readable |
| TEMP-0325369-6C1D5E | kdebase uses urandom as an entropy source |
| TEMP-0327261-B6AE8F | wine-safe does not prompt the user/is registered in mailcap |
| TEMP-0328134-B819BC | snort: DoS in verbose mode |
| TEMP-0329365-8CCB8C | Insecure pidfile handling in mailleds |
| TEMP-0329597-14A3D2 | egroupware unsafe use of /tmp for storing a log file |
| TEMP-0329597-F5A3A6 | SQL injection vulnerability in egroupware in account deletion |
| TEMP-0330627-887F38 | rkhunter: Insecure temporary file |
| TEMP-0331720-9168FE | adduser's deluser creates backup files with world readable permissions |
| TEMP-0334193-23D83A | xscreensaver does not maintain screen locks during upgrade |
| TEMP-0335996-97467D | ntop format string vulnerability |
| TEMP-0336719-CA7663 | user logout in drupal has no effect |
| TEMP-0337492-CFA0CD | Insecure temp files in note |
| TEMP-0338542-20361E | double free() in libungif |
| TEMP-0340079-E5FD8C | Insecure tempfile in libjpeg6b's exifautotran |
| TEMP-0340105-EE3BB8 | unsafe file permissions in vpnc |
| TEMP-0344000-4A049D | World-readable config file with sensitive data in b2evolution |
| TEMP-0349528-9E59D3 | Buffer overflow in elog's header buffer |
| TEMP-0352723-F61961 | dpkg-sig: insecure temp file bug |
| TEMP-0358139-D2A6EE | gauche-config rpath set to user home |
| TEMP-0358142-0BC2FF | unixodbc rpath set to /home |
| TEMP-0358157-34A070 | fftw rpath set to user home |
| TEMP-0358166-12F63F | hamlib3-perl rpath set to user home |
| TEMP-0358369-7131E1 | tcpquota rpath set to user home |
| TEMP-0359745-ECBE05 | webalizer: symlink vulnerability |
| TEMP-0361653-A94AFD | librsvg2 crash on certain svg files |
| TEMP-0361913-F8E45A | linphone insecure password leakage |
| TEMP-0364350-5A8D23 | typo3 mailforms can be abused to send spam |
| TEMP-0368804-259562 | ldap account manager sets trivial password instead of disabling it |
| TEMP-0369014-6AE03E | 'Cache' shell injection vulnerability |
| TEMP-0369542-32FFCA | ssmtp password leak |
| TEMP-0370144-2CA0D8 | specially crafted WAV turns mkvmerge into a malloc bomb |
| TEMP-0375453-4F9189 | ldap account manager wrongly unlocks some passwords |
| TEMP-0376577-38D215 | uqwk buffer overflow |
| TEMP-0378411-57ACA8 | Buffer overflow in XML::Parser::Expat triggered by utf8 |
| TEMP-0378412-67AD3D | Buffer overflow in XML::Parser::Expat triggered by deep nesting |
| TEMP-0378571-06BD02 | courier-authdaemon: wrong socket permissions may lead to password disclosure |
| TEMP-0379922-FA0DE2 | double-free vulnerability in the Real Media demuxer |
| TEMP-0382132-C0E39C | diffmon information leakage |
| TEMP-0382161-C88554 | realtime-lsm-source: wrong permissions might lead to local root |
| TEMP-0388608-F17697 | logrotate race condition could lead to file disclosure |
| TEMP-0391388-8371AD | zabbix buffer overflows |
| TEMP-0391388-A7E978 | zabbix format string vulnerabilities |
| TEMP-0393846-B78E90 | motion insecure tempfile creation |
| TEMP-0397297-E6F2D0 | obexpushd arbitrary command execution |
| TEMP-0399226-A0B8DF | yacas insecure rpath |
| TEMP-0399508-EC6FC8 | insecure rpath in libflash-mozplugin |
| TEMP-0400624-86BB88 | dsniff urlsnarf missing output sanitization |
| TEMP-0402316-613F61 | hinfo code injection |
| TEMP-0403141-57B365 | znc file access security hole |
| TEMP-0404640-30D504 | mt-daapd remote access & default password |
| TEMP-0404927-037F7B | udev wrong permissions on raid devices |
| TEMP-0406285-531EEA | bcfg2 password disclosure |
| TEMP-0406982-8DF6EB | libjabber DoS |
| TEMP-0407003-DA457C | various crashes and infinite loops in ffmpeg |
| TEMP-0407116-23D9EF | wordpress unregister_globals workaround from 2.0.7 |
| TEMP-0407605-7D944E | netpbm heap corruption |
| TEMP-0407607-240F77 | python-django flup/FastCGI/debugging issue |
| TEMP-0409062-BD7B6D | kaya buffer overflow, cross-site scripting and data leak |
| TEMP-0410557-009D67 | dokuwiki conf directory accessible by web users |
| TEMP-0410588-2CACBB | amavids-new uses contrib/non-free packers without security support in default config |
| TEMP-0412143-62DE92 | vserver patch allows renice of processes in different context |
| TEMP-0412618-38583E | apg generates insecure passwords on 64-bit architectures |
| TEMP-0413629-0358E2 | buffer overruns in GIT's http-push.c, fixed in 1.5.0.3 |
| TEMP-0414480-089D8A | low-entropy default passphrase in Debian's dtc-xen |
| TEMP-0414482-5BA32C | file permission race condition in Debian's dtc-xen |
| TEMP-0416296-75BF0C | Owl Intranet Engine multiple cross-site scripting, SQL-injection |
| TEMP-0417995-6A1CD7 | initramfs-tools creates /dev/root world-readable |
| TEMP-0418662-DC1CF3 | buffer overflow in mixmaster importing type 2 messages |
| TEMP-0425010-42F27C | mantis: information leak |
| TEMP-0425254-0F9CE1 | insecure tempfile in wdiff |
| TEMP-0427715-C31B61 | webpy HTTP response splitting vulnerability |
| TEMP-0434134-B27890 | dokuwiki XSS in spellchecker |
| TEMP-0435707-98CBD1 | teamspeak-server arbitrary file disclosure |
| TEMP-0454297-EACDD7 | exempi buffer overflow in GIF ReadHeader() function |
| TEMP-0456520-A0F651 | venkman preinst symlink dos |
| TEMP-0457947-284341 | pgp4pine off-by-one |
| TEMP-0464084-305C70 | greylistd bypass |
| TEMP-0464778-7EAAA3 | tdiary XSS |
| TEMP-0465561-A017B1 | minor cyrus sasl DoS |
| TEMP-0482385-09F6D5 | resizing the monitor with xrandr can crash xscreensaver |
| TEMP-0484639-8D3138 | missing sanity checks allow DoS via mis-formatted timestamp |
| TEMP-0495542-A51430 | phpCAS XSS in final_uri; PHPCAS-52 |
| TEMP-0495985-D91305 | tcpdf code execution via tcpdf tag |
| TEMP-0496462-B3176F | insecure temp file in nvi |
| TEMP-0497005-8CD734 | Overwrite certain images without notice |
| TEMP-0497005-A51CB0 | Overwrite symlink without check |
| TEMP-0497452-F45308 | nfdump vulnerable to symlink attacks |
| TEMP-0498901-F99C05 | unsafe use of tempfile in ssmclient |
| TEMP-0500180-9ABD38 | unsafe usage of temp file |
| TEMP-0500181-9ABD38 | unsafe usage of temp file |
| TEMP-0500295-A176F7 | possible script injection via /etc/wordpress/wp-config.php |
| TEMP-0500611-22A0F0 | jumpnbump: insecure temp file |
| TEMP-0503222-4ACACF | XSS in book module in drupal |
| TEMP-0503222-760085 | local file inclusion in drupal |
| TEMP-0503750-D75E0A | balazar3: insecure temp file handling |
| TEMP-0504680-D4DC50 | yzis insecure temp file |
| TEMP-0504726-7A5872 | universalindentgui insecure usage of temp files |
| TEMP-0505326-BEA2C3 | typo3: passwords are not changeable bug in the backend |
| TEMP-0506625-71B0F6 | geda-gnetlist: sch2eaglepos.sh has insecure temp file handling |
| TEMP-0506961-3C07AF | auctex insecure temp file |
| TEMP-0507482-9415A7 | Insecure tmpdir creation |
| TEMP-0508111-173336 | Insecure tempfile creation |
| TEMP-0513611-D1D676 | glpi sql injection |
| TEMP-0514151-B17364 | samba: Account locking out doesn't work with an LDAP backend |
| TEMP-0515104-609AB4 | nautilus: potential exploits via application launchers |
| TEMP-0515106-13A33A | konqueror: potential exploits via application launchers |
| TEMP-0516669-D6C1BF | git-core in Debian has non-root-owned files under /usr |
| TEMP-0517018-A83CE6 | sysvinit: no-root option in expert installer exposes locally exploitable security flaw |
| TEMP-0517020-915121 | thunar: potential exploits via application launchers |
| TEMP-0521107-09A165 | unsafe xfs |
| TEMP-0523476-4CE9EF | pptp-linux: unrestrictive pptpsetup permissions |
| TEMP-0525820-07BBE3 | More file buffer overflows |
| TEMP-0526594-48E4C2 | moin: XSS in AttachFile.py via attachments |
| TEMP-0527476-471755 | prewikka: password world-readable |
| TEMP-0528250-2E3658 | hex-a-hop: buffer overflow in loading save games |
| TEMP-0528434-FDFF92 | cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked) |
| TEMP-0530245-C3F9D6 | udev: creates aacraid devices that are rw by group floppy |
| TEMP-0530430-B9B0E6 | mimedecode: potential dos/crash due to invalid input |
| TEMP-0531735-61C2C9 | OCS Inventory NG SQL Injection Vulnerability |
| TEMP-0532514-9137E0 | predictable random number generator used in web browsers |
| TEMP-0532740-DB1B64 | libdkim: signature parsing is not thread-safe |
| TEMP-0532990-F6E040 | ShowConfigTab unintentionally grants rights intended for SuperUsers |
| TEMP-0533670-BB9FF7 | pcsc-lite: creates world-writable directory |
| TEMP-0533673-74CBB6 | moin: hierarchical ACL vulnerability |
| TEMP-0535159-76AB98 | ser2net DoS |
| TEMP-0535881-957F77 | clamav scanner bypass with archives |
| TEMP-0535886-8B62DC | apache2: htaccess override |
| TEMP-0535946-7636B8 | libio-socket-ssl-perl: partial hostname matching vulnerability |
| TEMP-0537604-F35BD7 | insecure tmp file vulnerability in slim |
| TEMP-0539699-BC7A2B | xscreensaver: local screen lock bypassable via low resolution video devices |
| TEMP-0540606-8877D9 | php5: 'open_basedir' bypass |
| TEMP-0547140-24A459 | SA-CORE-2009-008 |
| TEMP-0548909-2413C6 | xen-tools: world readable disk image files |
| TEMP-0549871-4C71AC | kfreebsd: Devfs / VFS NULL pointer race condition |
| TEMP-0551907-963784 | mandos 0600 file being included in initrd |
| TEMP-0552518-ADA4BA | eglibc: ldd arbitrary code execution |
| TEMP-0555308-79E91C | xserver-xorg: inherits user's mask |
| TEMP-0555668-4795AD | elfsign uses cryptographically weak md5 hashes |
| TEMP-0560087-F084E6 | xpat2: save game permissions issue |
| TEMP-0560108-565B70 | browser-based css info disclosure |
| TEMP-0560895-39B4B0 | gnome-screensaver inhibitor not removed when connection is closed |
| TEMP-0566142-F12930 | sudosh3: many security weaknesses |
| TEMP-0566326-9A899F | sqlite: info leak |
| TEMP-0567175-3A30A9 | gmetad incorrect file permissions |
| TEMP-0568486-B6FCB6 | browser javascript document.write denial-of-service |
| TEMP-0568925-CB8E83 | esmtp: world-readable config file |
| TEMP-0569506-737DDE | irssi emote leak |
| TEMP-0569658-1D2B13 | multiple mod_security issues |
| TEMP-0570011-670DB5 | phpbb3 weak captcha |
| TEMP-0570713-FED4BB | ffmpeg potentially remaining vulnerabilities after DSA 2000 |
| TEMP-0571151-9735FD | multiple typo issues |
| TEMP-0578928-72FBC5 | gnome-orca: shell access without logon |
| TEMP-0579087-7F12A8 | prosody password world-readable |
| TEMP-0579136-23AF31 | webkit info disclosure/segfault |
| TEMP-0580120-33FF40 | mediatomb directory traversal |
| TEMP-0581058-CF1E8D | numpy memory corruption |
| TEMP-0582798-329FE7 | wicd changes permissions of resolv.conf |
| TEMP-0592115-F98F5C | signature verification issue |
| TEMP-0593829-E6A4BC | config file world readable |
| TEMP-0597382-058DA8 | mingetty directory traversal |
| TEMP-0601525-BEBB65 | libgd2: gdImageColorTransparent can write outside buffer |
| TEMP-0601585-D41D8C | |
| TEMP-0603436-5CA466 | pam_pgsql overflow |
| TEMP-0605160-28DAD2 | insecure python path handling |
| TEMP-0606657-A0D78A | wordpress: insufficient permissions verification on XMLRPC interface |
| TEMP-0607494-376E2E | XSS in ftpls |
| TEMP-0608822-E0260C | calibre XSS |
| TEMP-0608822-EF2F16 | calibre file disclosure |
| TEMP-0608979-E8B8DF | Crash with long HOME environment variable |
| TEMP-0608980-E8B8DF | Crash with long HOME environment variable |
| TEMP-0608981-E607B0 | Crash with long GGI_DISPLAY environment variable |
| TEMP-0609096-D41D8C | |
| TEMP-0609212-CA8607 | multiple spip issues |
| TEMP-0612034-33CBAD | aptitude tempfile |
| TEMP-0612668-CE1EF5 | evince segfault |
| TEMP-0613312-84D729 | kfreebsd dos |
| TEMP-0615118-2DDE11 | python2.6: distutils world-readable password |
| TEMP-0625868-9433A0 | fglrx-driver xauth cookie leak |
| TEMP-0627936-75D3F5 | unspecified security vulnerabilities |
| TEMP-0631437-206E95 | unspecified security vulnerabilities from 4.3.7 |
| TEMP-0632260-7A1354 | stardict: minor information disclosure |
| TEMP-0635836-4F6C5C | minissdpd multiple issues |
| TEMP-0646758-12F1BD | spip path disclosure |
| TEMP-0649113-5F7BC7 | spip privilege escalation |
| TEMP-0649113-869F0D | spip XSS |
| TEMP-0651931-477350 | bokken: insecure tempfile |
| TEMP-0654341-5A7001 | inkscape files unexpectedly read from /tmp |
| TEMP-0655496-A31522 | as31 insecure tempfile |
| TEMP-0661037-1A43A9 | sbuild privilege escalation |
| TEMP-0668082-83D2E0 | libpng electric fence crash |
| TEMP-0668087-2BC9BC | tiff electric fence crashes |
| TEMP-0672961-92221C | two XSS |