CVE-2001-0887

CVE-2001-0887 affects xSANE 0.81 and earlier. The vulnerability allows local users to modify files of other xSANE users via a symlink attack on temporary files. The provided documents describe the issue but do not specify a remediation or fixed version; exploitation details are not included.

CVE-2002-0334

xtell xtelld 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file...

CVE-2001-0946

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOWPOWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins...

CVE-2002-0465

Hosting Controller 1.4.1 and earlier are affected by CVE-2002-0465. A directory traversal flaw in filemanager.asp allows remote attackers to read/modify arbitrary files and execute commands via an open path parameter containing .. (dot dot). The issue is identified in the NVD/CVE records for this...

CVE-2002-0278

Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. dot dot in the list parameter...

QNX RTOS 4.25 - dumper Arbitrary File Modification

QNX RTOS 4.25 - dumper Arbitrary File Modification source: https://www.securityfocus.com/bid/4904/info When creating memory dump files, the QNX RTOS debugging utility 'dumper' follows symbolic links. It also sets ownership of the file to the userid of the terminated process. It is possible for...

QNX RTOS 4.25 - monitor Arbitrary File Modification

QNX RTOS 4.25 - monitor Arbitrary File Modification source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor ...

QNX RTOS 4.25 - dumper Arbitrary File Modification

source: https://www.securityfocus.com/bid/4904/info When creating memory dump files, the QNX RTOS debugging utility 'dumper' follows symbolic links. It also sets ownership of the file to the userid of the terminated process. It is possible for malicious local attackers to exploit this vulnerabili...

QNX RTOS 4.25 - monitor Arbitrary File Modification

source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line option may be used by a local attack...

CGIScript.net - 'csPassword.cgi' 1.0 HTAccess File Modification

source: https://www.securityfocus.com/bid/4888/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible for an authenticated user to add...

CVE-2002-0271

Runtime library in GNU Ada compiler GNAT 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files...

CVE-2002-0248

wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file...

CVE-2002-0225

tacplus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files...

CVE-2002-0248

wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file...

CVE-2002-0271

Runtime library in GNU Ada compiler GNAT 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files...

CVE-2002-0278

Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. dot dot in the list parameter...

[RHSA-2002:070-06] Updated mod_python packages available

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated modpython packages available Advisory ID: RHSA-2002:070-06 Issue date: 2002-04-22 Updated on: 2002-05-02 Product: Red Hat Linux Keywords: modpython publisher imported...

CVE-2002-0145

chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root...

CVE-2000-0551

The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files...

CVE-1999-1090

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files...