6765 matches found
CVE-2002-0296
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file...
QNX RTOS 4.25 - monitor Arbitrary File Modification
source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line option may be used by a local attack...
CVE-2002-0169
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...
FreeBSD-SA-02:25.bzip2
FreeBSD-SA-02:25 Security Advisory, The FreeBSD Project. Topic: bzip2 contains multiple security vulnerabilities. Category: core/ports. Module: bzip2. Announced: 2002-05-20. Credits: Volker...
CVE-2002-0210
setlicense for TOLIS Group Backup and Restore Utility BRU 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file...
CVE-2001-1331
CVE-2001-1331 affects the man-db package's mandb tool. The vulnerability exists in mandb before version 2.3.16-3, where invoking mandb with -u or -c does not drop privileges and follows symlinks, enabling local users to overwrite arbitrary files. Impact is local, potentially ena...
CVE-2002-0296
The CVE-2002-0296 issue affects Tarantella Enterprise 3, where local users can overwrite arbitrary files through a symlink attack on the spinning temporary file. Root cause: improper handling of temporary files enabling a symlink-based overwrite. Impact: local/x local user access with partial int...
CVE-2001-1346
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp...
CVE-2001-1268
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename...
CVE-2001-1331
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks...
DCShop Beta 1.0 - Form Manipulation
source: https://www.securityfocus.com/bid/4356/info DCShop Beta is a freely available shopping cart system, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is possible to overwrite setup files (.setup) by submitting attacker-supplied...
CVE-2001-1198
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option...
CVE-2001-1101
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via...
CVE-2001-1197
klprfaxfilter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file...
CVE-2002-0141
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file...
CVE-2001-1102
CVE-2001-1102 affects Check Point FireWall-1 on Solaris, vulnerable in versions 3.0b through 4.1. A symlink attack on temporary policy files ending in .cpp, which are world-writable, allows local users to overwrite arbitrary files, impacting confidentiality, integrity, and availability. The descr...
CVE-2002-0137
CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file...
CVE-2001-1101
The CVE-2001-1101 entry concerns the Check Point FireWall-1 GUI on Solaris (3.0b–4.1 SP2). The vulnerability arises in the Log Viewer function, which does not validate the existence of .log files when saving, enabling: (1) remote authenticated users to overwrite arbitrary files ending in .log, an...
CVE-2001-0730
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header...