2495 matches found

Tenable Nessus
added 2005/08/26 12:0 a.m. | 42 views

HP-UX Ignite-UX TFTP Service Remote File Manipulation

The remote host has a vulnerable version of the HP Ignite-UX application installed that exposes a world-writeable directory to anonymous TFTP access. A remote attacker could exploit this to upload arbitrary files. This NASL script was written by Martin O'Neal of Corsaire http://www.corsaire.com T...

CVSS 6.4 | AI score 5.7 | EPSS 0.04615
Exploits: 0 | References: 2
CVE
added 2005/08/16 4:0 a.m. | 43 views

CVE-2004-2319

IBM Informix Dynamic Server (IDS) prior to 9.40.xC3 is affected. Two issues are described: (1) local users can create or overwrite files via the /001 log file to onedcu, and (2) local users can read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. Root cause details are not ...

CVSS 3.6 | AI score 6.4 | EPSS 0.00479
Exploits: 1 | References: 9 | Affected Software: 2
Cvelist
added 2005/08/16 4:0 a.m. | 20 views

CVE-2004-2319

IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit...

AI score 6.1 | EPSS 0.00479
Exploits: 1 | References: 9
Tenable Nessus
added 2005/07/12 12:0 a.m. | 32 views

Debian DSA-752-1 : gzip - several vulnerabilities

Two problems have been discovered in gzip, the GNU compression utility. The Common Vulnerabilities and Exposures project identifies the following problems:
- CAN-2005-0988: Imran Ghory discovered a race condition in the permissions setting code in gzip. When decompressing a file in a directory an...

CVSS 5 | AI score 5.7 | EPSS 0.03584
Exploits: 0 | References: 4
NVD
added 2005/07/05 4:0 a.m. | 14 views

CVE-2005-0360

The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files...

CVSS 5 | AI score 6.8 | EPSS 0.12333
Exploits: 0 | References: 1
CVE
added 2005/07/01 4:0 a.m. | 40 views

CVE-2005-0360

The CVE-2005-0360 issue involves the Microsoft Log Sink Class ActiveX control in pkmcore.dll, which is incorrectly marked as "safe for scripting". The ActiveX control can create or append to arbitrary files on the local file system when exploited via Internet Explorer, enabl...

CVSS 5 | AI score 6.8 | EPSS 0.12333
Exploits: 0 | References: 1 | Affected Software: 1
CERT
added 2005/06/27 12:0 a.m. | 48 views

Microsoft Log Sink Class ActiveX control incorrectly marked "safe for scripting"

Overview: The Microsoft Log Sink Class ActiveX control is incorrectly marked safe for scripting. This may allow a remote attacker to create or append to arbitrary files on a vulnerable system. Description: ActiveX. ActiveX is a technology that allows programmers to create reusable software components...

CVSS 5 | AI score 6.1 | EPSS 0.12333
Exploits: 0 | References: 8
Tenable Nessus
added 2005/06/24 12:0 a.m. | 30 views

RealPlayer / RealOne Player for Windows Multiple Vulnerabilities (2005-06-23)

According to its build number, the installed version of RealPlayer / RealOne Player for Windows has several vulnerabilities:
- A malicious MP3 file can be used to overwrite an arbitrary file or execute an ActiveX control.
- Using a specially crafted RealMedia file, an attacker may be able to cau...

CVSS 5.1 | AI score 6.2 | EPSS 0.04105
Exploits: 0 | References: 6
Tenable Nessus
added 2005/05/28 12:0 a.m. | 28 views

GLSA-200505-17 : Qpopper: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200505-17 (Qpopper: Multiple Vulnerabilities). Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users (CAN-2005-1151). The upstream developers discovered that Qpopper can be forced to creat...

CVSS 7.2 | AI score 5.7 | EPSS 0.00367
Exploits: 0 | References: 3
NVD
added 2005/05/25 4:0 a.m. | 12 views

CVE-2005-1751

Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759...

CVSS 3.7 | AI score 6 | EPSS 0.00387
Exploits: 0 | References: 12
CVE
added 2005/05/11 4:0 a.m. | 59 views

CVE-2005-1491

CVE-2005-1491 affects Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2. The issue allows remote authenticated users to perform file operations: (1) move their home directory via viewaction.html and (2) move arbitrary files via the importaction.html importfile parameter. The root cause is a vul...

CVSS 4.6 | AI score 6.8 | EPSS 0.00578
Exploits: 0 | References: 3 | Affected Software: 2
UbuntuCve
added 2005/05/02 4:0 a.m. | 20 views

CVE-2005-0894

OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp...

CVSS 3.6 | AI score 6 | EPSS 0.00361
Exploits: 0 | References: 1
NVD
added 2005/05/02 4:0 a.m. | 12 views

CVE-2005-0854

betaparticle blog (bp blog), possibly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp...

CVSS 7.5 | AI score 7 | EPSS 0.035
Exploits: 1 | References: 5
Tenable Nessus
added 2005/03/30 12:0 a.m. | 103 views

Oracle 8i/9i Database Server UTL_FILE Traversal Arbitrary File Manipulation

According to its version number, the installation of Oracle on the remote host is reportedly subject to multiple directory traversal vulnerabilities that may allow a remote attacker to read, write, or rename arbitrary files with the privileges of the Oracle Database server. An authenticated user...

CVSS 5 | AI score 6 | EPSS 0.18145
Exploits: 1 | References: 4
Cvelist
added 2005/03/29 5:0 a.m. | 23 views

CVE-2005-0894

OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp...

AI score 6.2 | EPSS 0.00361
Exploits: 0 | References: 3
0day.today
added 2005/03/29 12:0 a.m. | 13 views

Linux Kernel <= 2.6.10 Local Denial of Service Exploit

Exploit for linux platform in category dos / poc

AI score 7
Exploits: 0
Exploit DB
added 2005/03/21 12:0 a.m. | 19 views

BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation

source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may...

AI score 7.4
Exploits: 0
NVD
added 2005/03/08 5:0 a.m. | 20 views

CVE-2005-0099

The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files...

CVSS 2.1 | AI score 6.3 | EPSS 0.00362
Exploits: 0 | References: 3
CVE
added 2005/03/08 5:0 a.m. | 51 views

CVE-2005-0099

The CVE relates to the SDL port of abuse (abuse-SDL) prior to version 2.00, where privileges were not dropped before creating certain files. This allows local users to create or overwrite arbitrary files. Debian and SUSE advisories confirm the issue as CAN-2005-0099 with a local-priority impact; ...

CVSS 2.1 | AI score 6.2 | EPSS 0.00362
Exploits: 0 | References: 3 | Affected Software: 1
Exploit DB
added 2005/03/07 12:0 a.m. | 20 views

Oracle Database 8i/9i - Multiple Directory Traversal Vulnerabilities

source: https://www.securityfocus.com/bid/12749/info Oracle Database server is reported prone to multiple directory traversal vulnerabilities that may allow a remote attacker to read, write, or rename arbitrary files with the privileges of the Oracle Database server. The issues are reported to...

AI score 7.4
Exploits: 0