Directory traversal
Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname...
CVE-2011-1920
CVE-2011-1920 affects NetBSD make include files (bsd.lib.mk, bsd.prog.mk) as used by pmake 1.111 and related products; local users can overwrite arbitrary files via a symlink attack on a /tmp/_depend##### file. Affected: NetBSD make includes; pmake usage; vulnerability arises from insecure tempor...
CVE-2011-1595
Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname...
Fedora 13 : widelands-0-0.24.build16.fc13 (2011-6110)
Rebase to new upstream release build16 - Besides various enhancements this also fixes an arbitrary file overwrite vulnerability, which could be exploited when connecting to malicious servers for internet play! Note that Tenable Network Security has extracted the preceding description block...
Fedora 14 : widelands-0-0.24.build16.fc14 (2011-6124)
Rebase to new upstream release build16 - Besides various enhancements this also fixes an arbitrary file overwrite vulnerability, which could be exploited when connecting to malicious servers for internet play! Note that Tenable Network Security has extracted the preceding description block...
Fedora 15 : widelands-0-0.24.build16.fc15 (2011-6133)
Rebase to new upstream release build16 - Besides various enhancements this also fixes an arbitrary file overwrite vulnerability, which could be exploited when connecting to malicious servers for internet play! Note that Tenable Network Security has extracted the preceding description block...
Debian DSA-2219-1 : xmlsec1 - arbitrary file overwrite
Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification...
[SECURITY] [DSA 2219-1] xmlsec1 security update
Debian Security Advisory DSA-2219-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 18, 2011 http://www.debian.org/security/faq ...
CVE-2010-4229
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory...
CVE-2011-0012
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name...
DSA-2219-1 xmlsec1 - file overwrite
Bulletin has no description...
ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-118 April 11, 2011 -- CVE ID: CVE-2010-4229 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products:...
Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for...
Code injection
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...
QNX Neutrino RTOS privilege escalation
It's possible to overwrite files via LD_DEBUG_OUTPUT for suid applications...
CVE-2010-4651
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679...
CVE-2011-1144
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for...
Design/Logic Flaw
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739...
CVE-2011-0702
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file...
CVE-2011-0702
CVE-2011-0702 affects feh before 1.11.2, where feh_unique_filename in utils.c can be exploited by local users via a symlink attack on a /tmp/feh_ temporary file to overwrite arbitrary files. Public references describe this as a local vulnerability with potential for file overwrite; remediation ob...