CVE-2002-1956

ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files...

CVE-2002-1869

Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer...

Low: Red Hat Security Advisory: openssh security update

Updated openssh packages that fix a potential security vulnerability and various other bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol...

CVE-2005-0471

CVE-2005-0471 affects Sun Java JRE 1.1.x through 1.4.x. The vulnerability arises when the Java runtime writes temporary files with long filenames that become predictable on file systems using 8.3 short names, enabling remote attackers to write arbitrary files to known locations and potentially ex...

GlobalScape - CuteFTP macros .mcr Local File Write

GlobalScape - CuteFTP macros .mcr Local File Write Application: GlobalSCAPE CuteFTP V6.0 http://www.globalscape.com/ Risk: Medium / e-mail: [email protected] web: http://www.prohack.net / --The bug: Atacker can create a crafted CuteFTP macro .mcr, and when its loaded in the target computer, it c...

GlobalScape - CuteFTP macros '.mcr' Local File Write

Application: GlobalSCAPE CuteFTP V6.0 http://www.globalscape.com/ Risk: Medium / e-mail: [email protected] web: http://www.prohack.net / --The bug: Atacker can create a crafted CuteFTP macro .mcr, and when its loaded in the target computer, it can download the Arbitrary file into the target user...

CVE-2004-0881

Removed by vendor...

Fedora Core 1 : rsync-2.5.7-5.fc1 (2004-116)

Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's 'path', depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a...

DEBIAN-CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...

CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...

Multiple vulnerabilities in xine

Background xine is a multimedia player allowing to play back CDs, DVDs, and VCDs and decoding multimedia files like AVI, MOV, WMV, and MP3 from local disk drives, and displays multimedia streamed over the Internet. It is available in Gentoo as a reusable library xine-lib with a standard user...

hpjadmadv.txt

Product: HP Web JetAdmin Version 7.5.2546 Others that use this codebase assumed vulnerable Note: Only tested on the Windows Platform. Vulnerability: Denial of Service, Upload Any file to the filesystem to a known location, Write to any file on the file system, Read any file from the filesystem...

smbprintsymlink.txt

Product: Samba 'smbprint' script. http://www.samba.org Versions: All versions, but manifesting in different ways. Bug: Symlink bug / tmpfile bug. Impact: Attacker's can write to arbitrary files, and in theory, elevate privileges unlikely Risk: LOW Date: March 19, 2004 Author: Shaun Colley Email:...

Gast Arbeiter Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - ------------------------------------------------------------ NATOK security labs natok at hush.com October 20st, 2003 Privilege Escalation - - - ------------------------------------------------------------ - - - Overview Software : Gast Arbeiter...

GuppY 2.4 - Remote File Access

source: https://www.securityfocus.com/bid/8769/info GuppY is prone to an issue that could allow a remote attacker to read or write to files on the vulnerable server. This issue presents itself in the tinymsg.php component of the software. The attacker could only access files to which the webserve...

IBM DB2 privilege escalation

db2job allows to write any file...

CVE-2003-0284

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus...

Apache 2.0.x < 2.0.45 Multiple Vulnerabilities (DoS, File Write)

The remote host is running a version of Apache 2.0.x that is prior to 2.0.45. It is, therefore, reportedly affected by multiple vulnerabilities : - There is a denial of service attack that could allow an attacker to disable this server remotely. - The httpd process leaks file descriptors to child...

CVE-2002-0631

Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges...

CVE-2002-0631

Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges...