2666 matches found
Sun Solaris tcsh(1) contains vulnerability in the built-in ls-F command
Overview: Sun Solaris tcsh(1) contains a vulnerability in the built-in ls-F command that could allow an unprivileged user to create or remove files or gain privileges of another user. Description: A vulnerability in the built-in ls-F command of the Sun Solaris tcsh(1) may allow an intruder to create or...
CVE-2001-1409
Vulnerability CVE-2001-1409 affects XFree86 Xserver 4.1.0-2 where dexconf creates /dev/dri with insecure permissions (666). This allows local users to replace or create files on the root filesystem. Red Hat advisories RHSA-2003:064/065/067 reference updated XFree86 packages and fixes; the issue i...
CVE-2002-1518
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories...
CVE-2001-1301
Technical details about CVE-2001-1301 are not publicly provided in the connected documents. The supplied materials only reiterate the generic symlink-attack description; monitor for updates.
CVE-2001-1301
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file...
Pages Pro filenote Parameter Traversal Arbitrary File Modification
A security vulnerability in 'Pages Pro' allows anybody to read or modify files that would otherwise be inaccessible using a directory traversal attack. An attacker may use this to read or write sensitive files or even make a phone call. (C) Tenable Network Security, Inc...
CVE-2002-2407
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11)...
CVE-2002-1694
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running...
CVE-2002-1836
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files...
CVE-2002-1924
PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory...
CVE-2002-0934
Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file...
OpenVms 5.3/6.2/7.x - UCX POP Server Arbitrary File Modification
OpenVms 5.3/6.2/7.x - UCX POP Server Arbitrary File Modification. source: https://www.securityfocus.com/bid/5790/info An issue with the UCX POP (Post Office Protocol) server used by OpenVMS has been reported. It is possible for a malicious local user to overwrite arbitrary files on the filesystem by...
OpenVms 5.3/6.2/7.x - UCX POP Server Arbitrary File Modification
source: https://www.securityfocus.com/bid/5790/info An issue with the UCX POP (Post Office Protocol) server used by OpenVMS has been reported. It is possible for a malicious local user to overwrite arbitrary files on the filesystem by exploiting a vulnerability in the UCX POP server. $ $ breakit :==...
CVE-2002-0762
shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files...
Moderate: Red Hat Security Advisory: util-linux security update
The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users...
CVE-2002-0764
Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands...
CVE-2001-0890
The CVE-2001-0890 entry describes a vulnerability in backend drivers of the SANE library (1.0.3 and earlier), used by frontend tools such as XSane, where a local user can modify files via a symlink attack on temporary files. The root cause is a symlink-related flaw in temporary file handling with...
CVE-2001-0890
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allow local users to modify files via a symlink attack on temporary files...
CVE-2001-0887
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files...