1644 matches found
FlexCell Grid Control ActiveX Arbitrary File Overwrite Vulnerability
FlexCell Grid Control ActiveX is prone to an arbitrary file overwrite vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2008-5138
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd. temporary file...
CVE-2008-5144
nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file...
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (1)
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (1). Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog; tested against IE8b/xpsp3, may not work against non-English systems...
Chilkat Crypt ActiveX Control 'ChilkatCrypt2.dll' File Overwrite Vulnerability
Chilkat Crypt is prone to an ActiveX Control based arbitrary file overwrite vulnerability...
CVE-2008-4988
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal temporary file...
CVE-2008-4982
rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270...
DEBIAN-CVE-2008-4972
mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo temporary file...
CVE-2008-4968
The CVE-2008-4968 entry concerns lmbench (version 3.0-a7) where the rccs and STUFF scripts insecurely handle /tmp/sdiff.##### temporary files, enabling local attackers to perform symlink attacks and overwrite arbitrary files with the invoking user’s privileges. Documentation consistently cites lo...
CVE-2008-4943
bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5)...
Code injection
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/.lex.cc, (b) /tmp/.deformat.l, (c) /tmp/.reformat.l, (d) /tmp/docxorig, (e) /tmp/docxsalida.zip, (f) /tmp/xlsxembed, (g) /tmp/xlsxorig, and (h) /tmp/xslxsalida.zip temporary files, related to the (1)...
Design/Logic Flaw
aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/, (b) /tmp/.intro, (c) /tmp/aegis..ae, (d) /tmp/aegis., (e) /tmp/aegis..1, (f) /tmp/aegis..2, (g) /tmp/aegis..log, and (h) /tmp/aegis..out temporary files, related to the (1) bngdvlpd.sh, (2) bngrvwd.sh, (3)...
Remote code execution
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a file under the web...
PT-2008-6109 · Aview +1
Name of the Vulnerable Software and Affected Versions: aview version 1.3.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview.pgm temporary file created by asciiview in aview. Recommendations: For aview version 1.3.0, consider restricting...
CVE-2008-4908
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file...
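MW6 Technologies Barcode ActiveX 'Barcode.dll' ActiveX Control Arbitrary File Overwrite Vulnerability
BUGTRAQ ID: 31979 CNCAN ID: CNCAN-2008103003 MW6 Barcode ActiveX is a barcode generation control. MW6 Barcode ActiveX 'Barcode.dll' has a design flaw that remote attackers can exploit to overwrite system files with the privileges of the application. The control mishandles the SaveAsBMP and SaveAsWMF methods; by building a malicious web page and enticing a user to visit it, an attacker can overwrite system files with the privileges of the application. MW6 Technologies Barcode ActiveX 3.0.0.1 No detailed solution is currently available: http://www.mw6tech.com/products.html...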
CVE-2008-4639
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...
CVE-2008-4583
Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ChilkatCert.dll allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method...
ASG-Sentry File Check Utility /snmx-cgi/fcheck.exe Arbitrary File Overwrite
The File Check Utility fcheck.exe included with the version of ASG-Sentry installed on the remote host fails to sanitize input before creating index files with filenames and checksums. An unauthenticated remote attacker can leverage this issue to overwrite existing files with either no data or a...
GdPicture Multiple ActiveX Control SaveAsPDF Method Arbitrary File Overwrite
The remote host contains the GdPicturePro5S.Imaging or GdPicture4S.Imaging ActiveX control, which is used to manipulate images in a variety of formats. The version of the control installed on the remote host reportedly fails to validate input to the 'sFilePath' argument of the 'SaveAsPDF' method...