OpenVms 5.36.27.x - UCX POP Server Arbitrary File Modification

OpenVms 5.36.27.x - UCX POP Server Arbitrary File Modification source: https://www.securityfocus.com/bid/5790/info An issue with the UCX POP Post Office Protocol server used by OpenVMS has been reported. It is possible for a malicous local user to overwrite arbitrary files on the filesystem by...

OpenVms 5.3/6.2/7.x - UCX POP Server Arbitrary File Modification

source: https://www.securityfocus.com/bid/5790/info An issue with the UCX POP Post Office Protocol server used by OpenVMS has been reported. It is possible for a malicous local user to overwrite arbitrary files on the filesystem by exploiting a vulnerability in the UCX POP server. $ $ breakit :==...

CVE-2002-0934

Directory traversal vulnerability in Jon Hedley AlienForm2 typically installed as af.cgi or alienform.cgi allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. dot dot sequence in the parameters 1 browserout or 2 outfile...

CVE-2002-0762

shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files...

Moderate: Red Hat Security Advisory: util-linux security update

The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users...

CVE-2002-0764

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to 1 plugin.php, 2 admin.php, or 3 del.php that modifies the PHORUMsettingsdir variable to point to a directory that contains a PHP file with the commands...

CVE-2001-0890

Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files...

CVE-2001-0890

The CVE-2001-0890 entry describes a vulnerability in backend drivers of the SANE library (1.0.3 and earlier), used by frontend tools such as XSane, where a local user can modify files via a symlink attack on temporary files. The root cause is a symlink-related flaw in temporary file handling with...

CVE-2001-0887

xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files...

CVE-2001-0946

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOWPOWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins...

CVE-2001-0887

CVE-2001-0887 affects xSANE 0.81 and earlier. The vulnerability allows local users to modify files of other xSANE users via a symlink attack on temporary files. The provided documents describe the issue but do not specify a remediation or fixed version; exploitation details are not included.

CVE-2002-0334

xtell xtelld 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file...

CVE-2002-0465

Hosting Controller 1.4.1 and earlier are affected by CVE-2002-0465. A directory traversal flaw in filemanager.asp allows remote attackers to read/modify arbitrary files and execute commands via an open path parameter containing .. (dot dot). The issue is identified in the NVD/CVE records for this...

CVE-2002-0278

Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. dot dot in the list parameter...

QNX RTOS 4.25 - monitor Arbitrary File Modification

QNX RTOS 4.25 - monitor Arbitrary File Modification source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor ...

QNX RTOS 4.25 - dumper Arbitrary File Modification

QNX RTOS 4.25 - dumper Arbitrary File Modification source: https://www.securityfocus.com/bid/4904/info When creating memory dump files, the QNX RTOS debugging utility 'dumper' follows symbolic links. It also sets ownership of the file to the userid of the terminated process. It is possible for...

QNX RTOS 4.25 - dumper Arbitrary File Modification

source: https://www.securityfocus.com/bid/4904/info When creating memory dump files, the QNX RTOS debugging utility 'dumper' follows symbolic links. It also sets ownership of the file to the userid of the terminated process. It is possible for malicious local attackers to exploit this vulnerabili...

QNX RTOS 4.25 - monitor Arbitrary File Modification

source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line option may be used by a local attack...

CGIScript.net - 'csPassword.cgi' 1.0 HTAccess File Modification

source: https://www.securityfocus.com/bid/4888/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible for an authenticated user to add...

CVE-2002-0248

wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file...