CVE-2004-2698

Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service IMWheel crash and possibly modify arbitrary files via a symlink attack on the imwheel.pid file...

CVE-2004-2125

Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value...

Debian DSA-062-1 : rxvt - buffer overflow

Samuel Dralet reported on bugtraq that version 2.6.2 of rxvt a VT102 terminal emulator for X have a buffer overflow in thettprintf function. A local user could abuse this making rxvt print a special string using that function, for example by using the -T or -name command-line options. That string...

CVE-2004-0828

The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files...

CVE-2004-0828

The CVE-2004-0828 issue affects the ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3. The vulnerability occurs because ctstrtcasd does not properly drop privileges before executing the -f option, enabling local users to modify or create arbitrary files with root privileges. A...

CVE-2003-1049

IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions 777, which allows local users to modify or delete certain DB2 files...

CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition

/ / | | | | ----====/ // / | || |====---- | | | || | | | | | | | | | | | | | ------====== / /| || || || |======------ / || || / Computer Academic Underground http://www.caughq.org Security Advisory ===============/======================================================== Advisory ID: CAU-2004-0002...

CVE-2004-0698

4D WebSTAR (FTP/Server) is affected: versions up to 5.3.2 and earlier contain a local symbolic link vulnerability caused by opening files without properly verifying their existence or absolute location. This design issue can let a local attacker write to arbitrary files with the application’s per...

Microsoft Internet Explorer 5 Firefox 0.8 OmniWeb 4.x - URI Protocol Handler Arbitrary File CreationModification

Microsoft Internet Explorer 5 Firefox 0.8 OmniWeb 4.x - URI Protocol Handler Arbitrary File CreationModification source: https://www.securityfocus.com/bid/10336/info A vulnerability has been identified in multiple products from multiple vendors that may allow a remote attacker to create or modify...

Sun Solaris tcsh(1) contains vulnerability in the built-in ls-F command

Overview Sun Solaris tcsh1 contains a vulnerability in the built-in ls-F command that could allow an unprivileged user to create or remove files or gain privileges of another user. Description A vulnerability in the built-in ls-F command of the Sun Solaris tcsh1 may allow an intruder to create or...

CVE-2001-1409

Vulnerability CVE-2001-1409 affects XFree86 Xserver 4.1.0-2 where dexconf creates /dev/dri with insecure permissions (666). This allows local users to replace or create files on the root filesystem. Red Hat advisories RHSA-2003:064/065/067 reference updated XFree86 packages and fixes; the issue i...

CVE-2001-1301

Technical details about CVE-2001-1301 are not publicly provided in the connected documents. The supplied materials only reiterate the generic symlink-attack description; monitor for updates.

CVE-2001-1301

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file...

CVE-2002-1518

mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories...

Pages Pro filenote Parameter Traversal Arbitrary File Modification

A security vulnerability in the 'Pages Pro' allows anybody to read or modify files that would otherwise be inaccessible using a directory traversal attack. An attacker may use this to read or write sensitive files or even make a phone call. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVE-2002-1836

The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files...

CVE-2002-1694

Microsoft Internet Information Server IIS 4.0 opens log files with FILESHAREREAD and FILESHAREWRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running...

CVE-2002-1924

PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory...

CVE-2002-2407

Certain patches for QNX Neutrino realtime operating system RTOS 6.2.0 set insecure permissions for the files 1 /sbin/io-audio by OS Update Patch A, 2 /bin/shutdown, 3 /sbin/fs-pkg, and 4 phshutdown by QNX experimental patches, 5 cpim, 6 vpim, 7 phrelaycfg, and 8 columns, 9 othello, 10 peg, 11...

CVE-2002-0934

Directory traversal vulnerability in Jon Hedley AlienForm2 typically installed as af.cgi or alienform.cgi allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. dot dot sequence in the parameters 1 browserout or 2 outfile...