6871 matches found
CVE-2007-0469
The CVE-2007-0469 issue affects RubyGems before 0.9.1. The extract_files function in installer.rb can overwrite existing files without checking for their existence, allowing user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via craft...
CVE-2006-6939
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function...
DEBIAN-CVE-2007-0159
Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to...
CVE-2007-0159
Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to...
CVE-2007-0100
The CVE-2007-0100 entry describes a vulnerability in the Perforce client where the client does not restrict the set of files it overwrites after receiving a server request. The root cause is that the client can overwrite arbitrary files if the server or a malicious server is used, by modifying th...
security flaw
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in...
CVE-2006-6328
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter...
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite
Debian Security Advisory DSA-1223-1, http://www.debian.org/security/, Noah Meyerhans, December 01, 2006. Package : tar Vulnerability...
DSA-1223-1 tar
Bulletin has no description...
GLSA-200611-23 : Mono: Insecure temporary file creation
The remote host is affected by the vulnerability described in GLSA-200611-23 (Mono: Insecure temporary file creation). Sebastian Krahmer of the SuSE Security Team discovered that the System.CodeDom.Compiler classes of Mono create temporary files with insecure permissions. Impact: A local attacker...
DSA-1219 texinfo
Bulletin has no description...
CVE-2006-6097
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in...
DEBIAN-CVE-2006-6097
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in...
CVE-2006-6097
Summary: CVE-2006-6097 affects GNU tar (notably v1.15.1 and v1.16) due to improper handling of GNUTYPE_NAMES symlink records during extraction, enabling a user-assisted attacker to overwrite arbitrary files. Multiple advisories report the issue as a path-traversal vulnerability in tar extraction,...
RHEL 2.1 / 3 / 4 : texinfo (RHSA-2006:0727)
New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source...
info, texinfo security update
CentOS Errata and Security Advisory CESA-2006:0727-1 New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both onlin...
info, texinfo security update
CentOS Errata and Security Advisory CESA-2006:0727 New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online...
Moderate: Red Hat Security Advisory: texinfo security update
New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source...