CVE-1999-1244

CVE-1999-1244 affects IPFilter versions 3.2.3–3.2.10. The flaw arises from a symlink attack on the saved output file, enabling local users to modify arbitrary files. The impact is described as full confidentiality, integrity, and availability effects in the source data. No remediation or exploit ...

CVE-1999-1221

The CVE-1999-1221 vulnerability affects Digital Unix (OSF/1) 3.x, where local users can modify arbitrary files via a symlink attack on the dxchpwd.log file. The provided documents describe the affected product and the underlying cause as a symlink attack, but do not include details on exploitatio...

CVE-2001-1301

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file...

Sambar Web Server pagecount exploit code

by default, there is a pagecount script with Sambar Web Server it's situated at http://sambarserver/session/pagecount counter writes it's temporary files at c:sambardirectorytmp if we'll write http://sambarserver/session/pagecount?page=index it will create file in Sambar temp directory with name...

CVE-2001-1172

OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file...

[SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink

----------------------------------------------------------------------- SNS Advisory No.37 HTTProtect allows attackers to change the protected file using a symlink Problem first discovered: Mon, 4 Jun 2001 Published: Wed, 18 Jul 2001...

CVE-2001-0434

The LogDataListToFile ActiveX function used in 1 Knowledge Center and 2 Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service...

CVE-2001-0407

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. dot dot...

CVE-2001-0071

gpg aka GnuPG 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection...

Security bugs in interactions between IE 5.x, IIS 5.0 and Exchange 2000

Georgi Guninski security advisory 40, 2001 Security bugs in interactions between IE 5.x, IIS 5.0 and Exchange 2000 Systems affected: The bug is in IE 5.x Win2K, probably others but interaction with IIS 5.0 or Exchange web storage is required Risk: High Date: 28 March 2001 Legal Notice: This...

CVE-2001-0071

gpg aka GnuPG 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection...

CVE-2000-0691

The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.lastrun to the target file...

Microsoft IIS 4.05.0 and PWS - Extended Unicode Directory Traversal (3)

Microsoft IIS 4.05.0 and PWS - Extended Unicode Directory Traversal 3 // source: https://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot "../" directory traversal exploitation if extended UNICODE character representations are used in substitution fo...

CVE-2000-0628

The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files...

CVE-2000-0628

The CVE-2000-0628 entry concerns the Apache::ASP 1.93 and earlier, where the source.asp example script in the Apache ASP module allows remote attackers to modify files. The vulnerability pertains to the source.asp file (/site/eg/source.asp in exposed deployments) which comes with the Apache::ASP ...

CVE-2000-0691

The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.lastrun to the target file...

CVE-2000-0431

Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files...

CVE-1999-0959

IRIX startmidi program allows local users to modify arbitrary files via a symlink attack...

CVE-2000-0431

Cobalt RaQ2/RaQ3 systems with FrontPage uploads expose a permissions/ownership misconfiguration that allows bypassing cgiwrap and modifying uploaded files. The issue is documented in CVE-2000-0431 with references in NVD/CVE records and corroborated by OpenVAS/Nessus entries mentioning cgiwrap vul...

CVE-1999-0959

Technical details about CVE-1999-0959 are not publicly provided in the supplied documents. No confirmed affected products, versions, or fixes are listed here. Monitor for updates from the cited sources.