6871 matches found
CVE-2008-4474
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backupradacct, (2) cleanradacct, (3) monthlytotstats, (4) totstats, and (5) truncateradacct...
CVE-2008-4476
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability...
DEBIAN-CVE-2008-4476
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability...
Design/Logic Flaw
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backupradacct, (2) cleanradacct, (3) monthlytotstats, (4) totstats, and (5) truncateradacct...
Code injection
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2008-4475
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2008-4476
Sympa vulnerability CVE-2008-4476 affects sympa.pl in sympa 5.3.4, where local users can overwrite arbitrary files via a symlink attack on the temporary file /tmp/sympa_aliases.$$. The related note states wwsympa.fcgi was reported but the issue occurred in a dead function, so it is not a vulnerab...
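GdPicture Pro 'gdpicture4s.ocx' ActiveX Control Arbitrary File Overwrite Vulnerability
BUGTRAQ ID: 31504 CNCAN ID: CNCAN-2008100305 GdPicture Pro is image management software that supports multiple formats. The gdpicture4s.ocx ActiveX control included with GdPicture Pro contains a design error that remote attackers can exploit to overwrite system files with the application's privileges. The SaveAsPDF method allows files to be created and overwritten via the sFilePath parameter; by using other parameters, such as sTitle, an attacker can inject HTML code that is executed using the hcp:// protocol. GdPicturePro5.Imaging is also affected by this vulnerability. GdPicture GdPicture Pro GdPicture GdPicture...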
GdPicture Multiple ActiveX Control SaveAsPDF Method Arbitrary File Overwrite
The remote host contains the GdPicturePro5S.Imaging or GdPicture4S.Imaging ActiveX control, which is used to manipulate images in a variety of formats. The version of the control installed on the remote host reportedly fails to validate input to the 'sFilePath' argument of the 'SaveAsPDF' method...
GdPicture Pro ActiveX (gdpicture4s.ocx) File Overwrite / Exec Exploit
No description provided by source. GdPicture Pro ActiveX gdpicture4s.ocx Remote File Overwrite / Execution Exploit author...: Egi...
gdpicture-exec.txt
var cmd = "cmd /c net user test test /add & net localgroup Administrators test /add"; var outFile = "c:\windows\pchealth\helpctr\system\errors\badurl.htm"; var BMP = "\x42\x4d\x42\x00\x0...
CVE-2008-4342
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control NMSDVDX.dll 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via...
GdPicture Pro - ActiveX gdpicture4s.ocx File Overwrite Exec
GdPicture Pro - ActiveX gdpicture4s.ocx File Overwrite Exec var cmd = "cmd /c net user test test /add & net localgroup Administrators test /add"; var outFile = "c:\windows\pchealth\helpctr\system\errors\badurl.htm"; var BMP = "\x42\x4d\x4...
GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec
var cmd = "cmd /c net user test test /add & net localgroup Administrators test /add"; var outFile = "c:\windows\pchealth\helpctr\system\errors\badurl.htm"; var BMP = "\x42\x4d\x42\x00\x00\x00\x00...
GdPicture Pro ActiveX (gdpicture4s.ocx) File Overwrite / Exec Exploit
Exploit for unknown platform in category remote exploits. GdPicture Pro ActiveX gdpicture4s.ocx File Overwrite / Exec Exploit object...
CVE-2008-4192
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eg_log temporary file...
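NMS DVD Burning SDK 'NMSDVDX.dll' ActiveX Control Arbitrary File Overwrite Vulnerability
BUGTRAQ ID: 31374 CNCAN ID: CNCAN-2008092609 NMS DVD Burning SDK is a toolkit for burning DVD discs. The ActiveX control included with NMS DVD Burning SDK has an arbitrary file overwrite issue that remote attackers can exploit to execute arbitrary programs with the privileges of the logged-in user's process. The problem lies in how the 'NMSDVDX.dll' ActiveX control handles the "EnableLog" and "LogMessage" methods: by building a malicious web page and enticing a user to visit it, system files can be overwritten and arbitrary programs executed. Numedia Soft Inc. NMSDVDX DVD Burning SDK 1.008 Numedia...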
CVE-2008-4190
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream...