CVE-2001-0842

Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. dot dot sequences in the amembernamecookie cookie...

Microsoft Internet Explorer (IE) calls telnet.exe with unsafe command-line arguments ("Telnet Invocation")

Overview A telnet client can be invoked with unsafe options by arbitrary HTML "web" pages when rendered by affected Microsoft Internet Explorer clients. Description This vulnerability is also known as the "telnet logging" or "telnet invocation" or "Microsoft IE Telnet Client File Overwrite"...

CVE-2001-0809

The CVE-2001-0809 issue affects HP-UX 11.0/11.11 CIFS/9000 Server (SAMBA) prior to patch A.01.06. When configured as a print server, local users can overwrite arbitrary files by modifying certain resources. The vulnerability is documented in HP patch PHNE_24164 (A.01.06) for s700/s800 11.X CIFS/9...

CVE-2001-0832

Root cause: gv on Unix contains a buffer overflow due to an unsafe sscanf usage when parsing PostScript/PDF, enabling local arbitrary-code execution with victim privileges. Exploitation requires user to view a malicious file (PoC exists in historical disclosures); affected versions referenced in ...

Netscape vulnerable to arbitrary file overwriting via symlink redirection of temporary file

Overview During installation, Netscape 6.0.1 creates a temporary file with insecure options and a predictable name in a world-writable location. By using a symbolic link attack, an attacker could cause overwrite of arbitrary files. Description The installation script for Netscape 6.0.1 creates a...

CVE-2001-0730

split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / slash in the Host: header...

FW: ASI Oracle Security Alert: 3 new security alerts

I have not seen the latest Oracle bugs on the list yet. 2 and 3 were credited to Juan Manuel Pascual EscribГ by Oracle. -----Original Message----- From: [email protected] mailto:[email protected] Sent: 23 October 2001 11:00 To: [email protected] Subject: ASI Oracle Security Alert: 3 n...

Samba NETBIOS Name Traversal Arbitrary Remote File Creation

The remote Samba server, according to its version number, allows creation of arbitrary remote files. This vulnerability allows an attacker to overwrite arbitrary files by supplying an arbitrarily formed NetBIOS machine name to this server, and to potentially become root on the remote server. An...

CVE-2001-0744

Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file...

CVE-2001-0736

This CVE (CVE-2001-0736) affects the Pine email client (and pico editor) prior to version 4.33, where a local user can overwrite arbitrary files via a symlink attack. The vulnerability allows any local user to overwrite files owned by other users, including root, under certain conditions. A fix i...

diffutils sdiff creates temporary files insecurely

Overview diffutils, a set of utilities distributed with many versions of linux, contains a utility called sdiff, which creates temporary files of predictable names in an insecure fashion. Using a symbolic link attack, an intruder can cause overwrite of any file writable by the user executing sdif...

mgetty creates temporary files insecurely

Overview mgetty, a replacement for getty designed to support modem and fax use, creates files of a predictable name in a world-writable directory without checking for the prior existence or ownership of the file. Using a symbolic link attack, an intruder might cause the overwrite of arbitrary fil...

Sun Solaris catman creates temporary files insecurely

Overview catman, the unix manual display utility, creates insecure temporary files with predictable names in a world-writable directory. Since catman executes with system administration privileges, a symbolic link attack could overwrite arbitrary files. Description There is a vulnerability in...

CVE-2001-0642

Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. dot dot sequences to filenames listed in the content.ini file...

CVE-2001-0095

catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the smanPID temporary file...

CVE-2001-0095

Catman in Solaris 2.7/2.8 creates insecure temporary files with predictable names in world-writable /tmp, enabling local users to perform a symlink attack to overwrite arbitrary files. The root cause is predictable temp-file naming and symlink handling when run as root. Impact is local privilege ...

CVE-2001-0474

Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file...

Samba creates temporary files insecurely

Overview Samba handles temporary files insecurely, allowing arbitrary files to be overwritten and left in a state that would permit later modification. Description Samba is an implementation of the Server Message Block SMB protocol. Some versions of samba handle temporary files in an insecure...

CVE-1999-1013

named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file...

CVE-1999-1495

xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file...