6871 matches found
CVE-2005-3240
CVE-2005-3240 is described as a race condition in Microsoft Internet Explorer where a user-assisted drag-and-drop action could overwrite files or possibly execute code. The connected CVE-3840 records indicate this SQL injection entry is a duplicate/typo and that the correct identifier is CVE-2005...
Code injection
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors...
CVE-2006-0582
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors...
CVE-2006-0582
CVE-2006-0582 affects Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2. In rshd, when storing forwarded credentials, an attacker can overwrite arbitrary files and change file ownership via unknown vectors. This is a local-impact vulnerability with a low CVSS base score (2.1) per the NVD data, and ...
CVE-2006-0575
convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via ".." sequences and a symlink attack on the temporary file that is used during conversion...
CVE-2005-4690
Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types such as HTML and image files by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to...
CVE-2005-4691
CVE-2005-4691 covers a local privilege issue in imake across NetBSD (before 2.0.3 and NetBSD-current before 2005-09-12) and certain X.Org/XFree86 versions. The vulnerability arises from a symlink attack on the temporary file used for the file.0 target, allowing a local user to overwrite arbitrary...
[Full-disclosure] Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)
Hello FD-Reader It took only 889 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsoverwritea...
CVE-2005-3126
CVE-2005-3126 affects the antiword scripts (kantiword.sh and gantiword.sh) in antiword 0.35 and earlier. Insecure temporary file creation in the scripts allows local attackers to overwrite arbitrary files via a symlink attack on the temporary output and error files. Debian DSAs (DSA-9...
CVE-2005-3126
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files...
CVE-2006-0223
CVE-2006-0223 is a directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1. Attackers can create or overwrite arbitrary files on the server by supplying ".." sequences in the username field. The provided documents describe the affected product and the vulnerability...
CVE-2005-4803
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier...
CVE-2005-4802
Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use...
CVE-2005-1918
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/"...
CVE-2005-3341
DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh...