6871 matches found
CVE-2007-4631
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames...
CVE-2007-4631
The CVE-2007-4631 issue affects QGit (notably versions including 1.5.6 up to 2pre1) where DataLoader::doStart() creates temporary files insecurely. A local attacker could exploit a symlink attack on predictable temporary filenames to overwrite arbitrary files or execute arbitrary code. Public adv...
CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
Design/Logic Flaw
Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrit...
CVE-2007-4546
Unreal Commander 0.92 build 565 and 573 is affected. The software extracts ZIP entries using Local File Header names instead of Central Directory filenames, enabling an attacker to cause a user to overwrite or create local files via a crafted archive. The description notes the mismatch between Ce...
rPSA-2007-0172-1 tar
rPath Security Advisory: 2007-0172-1 Published: 2007-08-25 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Indirect User Deterministic Vulnerability Updated Versions: tar=/conary.rpath.com@rpl:devel//1/1.15.1-7.2-1 References: https://vulners.com/cve/CVE-2001-1267...
Directory traversal and absolute path in multiple archivers
Directory traversal and absolute paths allow any file to be overwritten during archive extraction...
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive...
EUVD-2007-4115
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive...
PT-2007-1155
Name of the Vulnerable Software and Affected Versions: Python tarfile module (affected versions not specified). Description: A directory traversal vulnerability in the extract and extractall functions of the tarfile module in Python allows user-assisted remote attackers to overwrite arbitra...
Unreal Commander 0.92 - ZIP RAR Archive Handling Traversal Arbitrary File Overwrite
Source: https://www.securityfocus.com/bid/25419/info Unreal Commander is prone to multiple remote vulnerabilities when handling malformed ZIP and RAR archives. These vulnerabilities include a directory-traversal...
DEBIAN-CVE-2007-4462
lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file...
CVE-2007-4460
The RenderV2ToFile function in tagfile.cpp in id3lib aka libid3 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged...
CVE-2007-4462
lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file...
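ArgoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
ArgoSoft Mail Server is a multi-function mail server program. ArgoSoft Mail Server has an arbitrary file overwrite issue that remote attackers can exploit to carry out denial-of-service attacks. The issue is in MLSRVX.DLL. By using a malicious ActiveX control to call an insecure method and enticing a user to visit, files on the target user's system can be overwritten, causing a denial of service or possibly executing arbitrary commands with the privileges of the logged-in user's process. ArGo Software Design ArGoSoft Mail Server 1.8.9.1 No solution is currently available: http://www.argosoft.com/rootpages/MailServerNet/Default.as...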
VMware IntraProcessLogging.dll 5.5.3.42958 Arbitrary Data Write Exploit
No description provided by source. GOODFELLAS Security Research TEAM, http://goodfellas.shellcode.com.ar. IntraProcessLogging.dll 5.5.3.42958 VmWare Inc Arbitrary Data Write Exploit...
clever-overwrite.txt
Clever Internet ActiveX Suite 6.2 CLINETSUITEX6.OCX Arbitrary file download/overwrite Exploit url: http://www.clevercomponents.com/home/news.asp author: shinnai mail: shinnaiatautisticidotorg site:...
CVE-2007-3531
NVClock (backend/backend.c) is vulnerable prior to 0.8b2: a symlink attack on /tmp/nvclock allows a local user to overwrite arbitrary files. This is a local-privilege issue with complete confidentiality, integrity, and availability impact as described, enabling arbitrary code execution via insecu...
Security feature bypass
The Data Dynamics ActiveBar ActiveX control actbar3.ocx 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method...