Sherzod Ruzmetov Cgi Session : Security vulnerabilities, CVEs

Copy

CVE-2006-1280

CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files.

Max CVSS

7.5

EPSS Score

0.43%

Published

2006-03-19

Updated

2017-07-20

CVE-2006-1279

CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.

Max CVSS

5.0

EPSS Score

0.17%

Published

2006-03-19

Updated

2017-07-20

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!