DEBIAN-CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

CVE-2004-0279

AIM Sniff aimSniff.pl 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log...

CVE-2004-0916

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. dot dot sequences in a filename...

Cscope 13.015.x - Insecure Temporary File Creation (2)

Cscope 13.015.x - Insecure Temporary File Creation 2 // source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility...

Cscope 13.0/15.x - Insecure Temporary File Creation (2)

// source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary files in the system's temporar...

Cscope 13.0/15.x - Insecure Temporary File Creation (1)

source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary files in the system's temporary...

DSA-577-1 postgresql - symlink vulnerability

Bulletin has no description...

unarj -- directory traversal vulnerability

unarj has insufficient checks for filenames that contain ... This can allow an attacker to overwrite arbitrary files with the permissions of the user running unarj...

Mozilla Multiple Products XPInstall Arbitrary File Overwrite

The remote host is using Mozilla and/or Firefox, an alternative web browser. The version of this software is prone to an improper file permission setting. This flaw only exists if the browser is installed by the Mozilla Foundation package management, therefore, this alert might be a false positiv...

CubeCart index.php cat_id Parameter SQL Injection

There is a SQL injection issue in the remote version of CubeCart that could allow an attacker to execute arbitrary SQL statements on the remote host and to potentially overwrite arbitrary files on the remote system, by sending a malformed value to the 'catid' argument of the file 'index.php'...

PHP File Upload Vulnerability POC

PHP File Upload Vulnerability POC Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Author: Stefano Di Paola Affected: Php = 5.0.1 Not Affected: Maybe some old Version of Php before 4.2.x Vulnerability Type: Possible write of a downloaded file in an arbitrary location...

Debian DSA-019-1 : squid - insecure tempfile handling

WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files to get overwritten. However the code would only be executed if running a very bleeding edge release ...

Debian DSA-366-1 : eroaster - insecure temporary file

eroaster, a frontend for burning CD-R media using cdrecord, does not take appropriate security precautions when creating a temporary file for use as a lockfile. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running eroaster. %NASLMINLEVEL 703...

Debian DSA-053-1 : nedit - insecure temporary file

The nedit Nirvana editor package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text and pass that on to the print system. The temporary file was not created...

CVE-2004-0559

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory...

[VulnWatch] Php Vulnerability N. 2

Let's go for the second one: ========================================= Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Affected: Php = 5.0.1 Not Affected: it seems none Vulnerability Type: Possible write of a downloaded file in an arbitrary location. Vendor Status:...

CVE-2004-0851

The 1 writelist and 2 dumpcurrlist functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2004-0851

The 1 writelist and 2 dumpcurrlist functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2003-0022

The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence...

CVE-2004-0108

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107...