6871 matches found
Design/Logic Flaw
Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors...
CVE-2010-4027
The CVE-2010-4027 issue affects HP Palm webOS 1.4.1, specifically the camera application, enabling a local user to overwrite arbitrary files on the device filesystem via unknown vectors. HP’s security bulletin (HPSBMI02582 SSRT100269 rev.1) confirms the vulnerability and assigns CVSS v2 base metr...
CVE-2010-1693
openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ibsetnodedesc.sh temporary file...
Code injection
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files...
local file overwrite
curl offers a command line option --remote-header-name (also usable as -J) which uses the filename of the Content-disposition: header when it saves the downloaded data locally. curl attempts to cut off the directory parts from any given filename in the header to only store files in the current...
CURL-CVE-2010-3842 local file overwrite
curl offers a command line option --remote-header-name (also usable as -J) which uses the filename of the Content-disposition: header when it saves the downloaded data locally. curl attempts to cut off the directory parts from any given filename in the header to only store files in the current...
CVE-2009-5007
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files...
CVE-2010-3691
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file...
CVE-2010-3691
CVE-2010-3691 affects phpCAS (in Moodle) prior to version 1.1.3. When proxy mode is enabled, PGTStorage/pgt-file.php is vulnerable to a local symlink attack that allows a local user to overwrite arbitrary files. The exposed component is phpCAS in Moodle installations, with potential for file over...
Mandriva Update for perl-libwww-perl MDVSA-2010:167 (perl-libwww-perl)
Check for the Version of perl-libwww-perl. OpenVAS Vulnerability Test: Mandriva Update for perl-libwww-perl MDVSA-2010:167 (perl-libwww-perl). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribu...
Mandriva Linux Security Advisory : wget (MDVSA-2010:170)
A vulnerability has been found and corrected in wget: GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a...
Mandriva Linux Security Advisory : perl-libwww-perl (MDVSA-2010:167)
A vulnerability has been found and corrected in perl-libwww-perl: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2)...
spice-xpi symlink attack
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file...
CVE-2010-3098
Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename...
CVE-2010-3098
CVE-2010-3098 affects IoRush Software FTP Rush 1.1.3 (and possibly earlier). The issue is a directory-traversal flaw caused by insufficient sanitization of the downloaded filename, allowing a remote FTP server to push a filename containing traversal sequences (e.g., ..) and overwrite arbitrary fi...
RHEL 5 : kernel (RHSA-2010:0610)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0610 advisory. - kernel: bluetooth: potential bad memory access with sysfs files (CVE-2010-1084) - kernel: ext4: Make sure the MOVEEXT ioctl can't overwrite...
[SECURITY] [DSA 2085-1] New lftp packages fix file overwrite vulnerability
Debian Security Advisory DSA-2085-1 [email protected] http://www.debian.org/security/ Sebastien Delafond August 03, 2010 http://www.debian.org/security/faq -...