DSA-426 netpbm-free - insecure temporary files
Bulletin has no description...
CVE-2004-0064
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory...
CVE-2004-0059
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header...
SuSE linux 9.0 YaST config Skribt Local Exploit
Exploit for linux platform in category local exploits =============================================== SuSE linux 9.0 YaST config Skribt Local Exploit =============================================== include include include define PATH "/tmp/tmp.SuSEconfig.gnome-filesystem." define START 1 define E...
wwwfilesharepro.txt
Luigi Auriemma Application: WWW File Share Pro http://www.wfshome.com Versions: From the vendor's website: "WWW File Share Pro is a small HTTP server that can help you share files with your friends. They can download files from your computer or upload files from theirs. Simply specify a directory...
SuSE Linux 9.0 - YaST Configuration Skribt Overwrite Files
SuSE Linux 9.0 - YaST Configuration Skribt Overwrite Files include include include define PATH "/tmp/tmp.SuSEconfig.gnome-filesystem." define START 1 define END 33000 int mainint argc, char argv int i; char buf150; printf"\tSuSE 9.0 YaST script SuSEconfig.gnome-filesystem exploit\n";...
lionmax software www file share pro 2.4x - Multiple Vulnerabilities (2)
lionmax software www file share pro 2.4x - Multiple Vulnerabilities (2) // source: https://www.securityfocus.com/bid/9425/info WWW File Share Pro has been reported prone to multiple remote vulnerabilities. The first reported issue is that a remote attacker may employ the "upload" functionality of t...
lionmax software www file share pro 2.4x - Multiple Vulnerabilities (2)
// source: https://www.securityfocus.com/bid/9425/info WWW File Share Pro has been reported prone to multiple remote vulnerabilities. The first reported issue is that a remote attacker may employ the "upload" functionality of the vulnerable software to overwrite arbitrary files that are writable ...
susegnome.txt
Author: l0om Date: 12.01.2004 page: www.excluded.org SuSE 9.0 - YaST script SuSEconfig.gnome-filesystem There is a symlink problem in the SuSEconfig.gnome-filesystem script. A normal user can create and overwrite every file on the system. This script gets executed after a configuration change by t...
lionmax software www file share pro 2.4x - Multiple Vulnerabilities (1)
lionmax software www file share pro 2.4x - Multiple Vulnerabilities (1) // source: https://www.securityfocus.com/bid/9425/info WWW File Share Pro has been reported prone to multiple remote vulnerabilities. The first reported issue is that a remote attacker may employ the "upload" functionality of t...
lionmax software www file share pro 2.4x - Multiple Vulnerabilities (1)
// source: https://www.securityfocus.com/bid/9425/info WWW File Share Pro has been reported prone to multiple remote vulnerabilities. The first reported issue is that a remote attacker may employ the "upload" functionality of the vulnerable software to overwrite arbitrary files that are writable ...
CVE-2003-1279
S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sasget, (5) /tmp/file.1 by sasvars, an...
CVE-2003-1156
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program...
CVE-2003-1294
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack...
CVE-2003-0885
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack...
CVE-2003-1528
nsrshutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrshPID temporary file...
CVE-2003-1280
Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads...
CVE-2003-0872
Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files...
CVE-2003-0898
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2...
CVE-2003-0846
SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .javawrapper temporary file...