1647 matches found
SUSE CVE-2006-0582
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors...
SUSE CVE-2007-0159
Directory traversal vulnerability in the GeoIPupdatedatabasegeneral function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers possibly only update.maxmind.com to overwrite arbitrary files via a .. dot dot in the database filename, which is returned by a request to...
SUSE CVE-2007-0898
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. dot dot in the id MIME header parameter in a multi-part message...
SUSE CVE-2007-1799
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384...
SUSE CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in the 1 install-as attribute in the file element in package.xml 1.0 or the 2 as attribute in the install element in package.xm...
SUSE CVE-2007-4134
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. slash slash dot dot sequences in directory symlinks in a TAR archive...
SUSE CVE-2008-5137
tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a 1 /tmp/tkman or 2 /tmp/ll temporary file...
SUSE CVE-2009-0035
alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts...
SUSE CVE-2009-5044
contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf.tmp temporary file...
SUSE CVE-2010-1511
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file...
SUSE CVE-2011-1837
The lock-counter implementation in utils/mount.ecryptfsprivate.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors...
SUSE CVE-2011-3171
Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors...
SUSE CVE-2011-3602
Directory traversal vulnerability in device-linux.c in the router advertisement daemon radvd before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. dot dot in an interface name. NOTE: this can be leveraged with a symlink to overwrit...
SUSE CVE-2012-2103
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
SUSE CVE-2013-1866
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability...
SUSE CVE-2017-1000420
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...
SUSE CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
SUSE CVE-2019-7283
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...
SUSE CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...
SUSE CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...