2666 matches found

Cvelist
added 2005/06/26 4:0 a.m., 24 views

CVE-2005-1759

Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751...

AI score: 6, EPSS: 0.0007
Exploits: 0, References: 5

CVE
added 2005/05/25 4:0 a.m., 76 views

CVE-2005-1751

CVE-2005-1751 describes a local race-condition in shtool 2.0.1 and earlier where a symlink attack on the .shtool.$$ temp file lets a local user create or modify arbitrary files. This is associated with PHP-supplied shtool in multiple advisories (e.g., Gentoo/OpenVAS entries and Debian/CentOS noti...

CVSS: 3.7, AI score: 6, EPSS: 0.00075
Exploits: 0, References: 12, Affected Software: 1

UbuntuCve
added 2005/05/03 4:0 a.m., 20 views

CVE-2005-0106

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00081
Exploits: 0, References: 2

NVD
added 2005/05/02 4:0 a.m., 8 views

CVE-2005-0329

Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences...

CVSS: 2.6, AI score: 6.8, EPSS: 0.00853
Exploits: 0, References: 6

NVD
added 2005/05/02 4:0 a.m., 12 views

CVE-2005-0576

Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files...

CVSS: 3.6, AI score: 6.4, EPSS: 0.00054
Exploits: 0, References: 3

OSV
added 2005/04/19 12:0 a.m., 17 views

DSA-712-1 geneweb - insecure file operations

Bulletin has no description...

CVSS: 5, AI score: 6.1, EPSS: 0.00257
Exploits: 0

CVE
added 2005/04/13 4:0 a.m., 70 views

CVE-2005-0063

The CVE-2005-0063 issue stems from Windows Shell/MSHTA handling of file associations. A remote code execution vulnerability exists when a user opens a specially crafted OLE2 document (e.g., Word) whose CLSID is manipulated to invoke HTML Application Host (MSHTA) to process the file. Exploitation ...

CVSS: 7.5, AI score: 7.1, EPSS: 0.69788
Exploits: 0, References: 12, Affected Software: 6

Cvelist
added 2005/03/12 5:0 a.m., 23 views

CVE-2003-1124

Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files...

AI score: 6.4, EPSS: 0.0041
Exploits: 0, References: 5

CVE
added 2005/02/27 5:0 a.m., 52 views

CVE-2005-0576

CVE-2005-0576 concerns Solaris 9, specifically the Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd). The vulnerability is described as unknown but allows local users to modify or delete arbitrary files. The available references indicate advisories and vendor notes, but n...

CVSS: 3.6, AI score: 6.8, EPSS: 0.00054
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2005/02/10 5:0 a.m., 15 views

CVE-2005-0329

Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences...

AI score: 6.8, EPSS: 0.00853
Exploits: 0, References: 6

NVD
added 2004/12/31 5:0 a.m., 11 views

CVE-2004-2698

Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file...

CVSS: 6.9, AI score: 6.4, EPSS: 0.00222
Exploits: 0, References: 8

NVD
added 2004/12/31 5:0 a.m., 10 views

CVE-2004-2125

Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value...

CVSS: 4.6, AI score: 7, EPSS: 0.00145
Exploits: 0, References: 6

NVD
added 2004/12/31 5:0 a.m., 15 views

CVE-2004-2426

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying...

CVSS: 5, AI score: 7, EPSS: 0.00959
Exploits: 1, References: 7

Tenable Nessus
added 2004/09/29 12:0 a.m., 26 views

Debian DSA-062-1 : rxvt - buffer overflow

Samuel Dralet reported on bugtraq that version 2.6.2 of rxvt (a VT102 terminal emulator for X) have a buffer overflow in the tt_printf function. A local user could abuse this making rxvt print a special string using that function, for example by using the -T or -name command-line options. That string...

CVSS: 4.6, AI score: 6.1, EPSS: 0.00293
Exploits: 1, References: 2

Cvelist
added 2004/09/28 4:0 a.m., 17 views

CVE-2004-0828

The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files...

AI score: 6.3, EPSS: 0.00125
Exploits: 0, References: 4

CVE
added 2004/09/28 4:0 a.m., 56 views

CVE-2004-0828

The CVE-2004-0828 issue affects the ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3. The vulnerability occurs because ctstrtcasd does not properly drop privileges before executing the -f option, enabling local users to modify or create arbitrary files with root privileges. A...

CVSS: 2.1, AI score: 6.3, EPSS: 0.00125
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2004/09/28 4:0 a.m., 13 views

CVE-2003-1049

IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files...

CVSS: 4.6, AI score: 6.1, EPSS: 0.00051
Exploits: 0, References: 4

securityvulns
added 2004/08/25 12:0 a.m., 23 views

CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition

Computer Academic Underground http://www.caughq.org Security Advisory. Advisory ID: CAU-2004-0002...

AI score: 7.7
Exploits: 0

CVE
added 2004/07/16 4:0 a.m., 64 views

CVE-2004-0698

4D WebSTAR (FTP/Server) versions 5.3.2 and earlier contain a local symbolic link vulnerability caused by opening files without properly verifying their existence or absolute location. This design issue can let a local attacker write to arbitrary files with the application’s per...

CVSS: 3.6, AI score: 6.3, EPSS: 0.00096
Exploits: 0, References: 3, Affected Software: 1

exploitpack
added 2004/05/13 12:0 a.m., 15 views

Microsoft Internet Explorer 5 Firefox 0.8 OmniWeb 4.x - URI Protocol Handler Arbitrary File Creation/Modification

Microsoft Internet Explorer 5 Firefox 0.8 OmniWeb 4.x - URI Protocol Handler Arbitrary File Creation/Modification. Source: https://www.securityfocus.com/bid/10336/info. A vulnerability has been identified in multiple products from multiple vendors that may allow a remote attacker to create or modify...

AI score: 0.1
Exploits: 0