Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sandbox | sandbox | 1.2.5 |
| sandbox | sandbox | 1.2.1 |
| sandbox | sandbox | 1.2.2 |
| sandbox | sandbox | 1.2.5_r2 |
| sandbox | sandbox | 1.2 |
| sandbox | sandbox | 1.2.4 |
| sandbox | sandbox | 1.2.5_r1 |
| sandbox | sandbox | 1.2.9 |
| sandbox | sandbox | 1.2.10 |
| sandbox | sandbox | 1.2.7 |
| sandbox | sandbox | 1.2.1_r3 |
| sandbox | sandbox | 1.2.3 |
| sandbox | sandbox | 1.2.8 |
| sandbox | sandbox | 1.2.6 |
PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sandbox | sandbox | 1.4.1 |