Sun Management Center (SunMC) allows user to create or overwrite arbitrary files

Overview The Sun Management Center SunMC contains a vulnerability that could allow an attacker to create or overwrite any file on the system. Description An unknown vulnerability exists in the Sun Management Center SunMC, according to a Sun Alert Notification. According to that document,...

[SECURITY] [DSA-323-1] New noweb packages fix insecure temporary file creation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 323-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 16th, 2003 http://www.debian.org/security/faq -...

CVE-2003-0379

CVE-2003-0379 concerns Apple File Service (AFP Server) on Mac OS X Server. When sharing files on a UFS or re‑shared NFS volume, remote attackers could overwrite arbitrary files. The description and public records (NVD) indicate a remote, unauthenticated access vector with low attack complexity, r...

DEBIAN-CVE-2003-0282

Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . dot characters, which are filtered and result in a ".." sequence...

CVE-2003-0282

Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . dot characters, which are filtered and result in a ".." sequence...

DSA-323 noweb - insecure temporary files

Bulletin has no description...

CVE-2003-0367

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2003-0282

CVE-2003-0282 affects UnZip 5.50 and earlier and is a directory traversal vulnerability where invalid characters placed between two '.' characters are filtered to produce a '..' sequence, allowing overwriting of arbitrary files during archive extraction. Public references in multiple advisories (...

CVE-2003-0282

Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . dot characters, which are filtered and result in a ".." sequence...

PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite

The remote host has the cgi 'counter.php' installed. This CGI contains a flaw that can be abused by an attacker to overwrite arbitrary files on the system with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref:...

CVE-2003-0136

psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file...

CVE-2003-0136

psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file...

CVE-2003-0221

The 1 dupatch and 2 setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack...

AN HTTPd count.pl Traversal Arbitrary File Overwrite (deprecated)

The remote web server is running a CGI called 'count.pl' which is affected by an directory traversal vulnerability. An attacker could exploit this in order to overwrite any existing file on the remote server, with the privileges of the httpd server. This plugin has been deprecated as it resulted ...

AN HTTPd Sample Script File Truncation

Product Description AN HTTPd is a relatively small, powerful web server designed for Windows systems. It supports ISAPI, CGI, SSI, and several other powerful technologies such as isolated worker processes usually only seen in production servers. More information on AN HTTPd is available at...

AN HTTPD 1.x - Count.pl Directory Traversal

source: https://www.securityfocus.com/bid/7397/info AN HTTPd contains a sample script named count.pl that may be used as a web counter. This script does not perform adequate access validation on paths containing directory traversal ../ character seqences. The vulnerable script may be used to...

ANHTTPd.txt

Product Description AN HTTPd is a relatively small, powerful web server designed for Windows systems. It supports ISAPI, CGI, SSI, and several other powerful technologies such as isolated worker processes usually only seen in production servers. More information on AN HTTPd is available at...

CVE-2003-0136

psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file...

DSA-286 gs-common - insecure temporary file

Bulletin has no description...

DSA-279 metrics - insecure temporary file creation

Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a tools for software metrics. Two scripts in this package, "halstead" and "gather\stats", open temporary files without taking appropriate security precautions. "halstead" is installed as a user program, while "gather\stats"...