6871 matches found
CVE-2001-1494
CVE-2001-1494 affects util-linux (and mount) prior to versions updated in RHSA-2005:782. The issue is a hardlink-based flaw in the script command: a local attacker can create a hardlink named typescript in a writable directory, and when the script command is run by root, the attacker’s file can b...
[SA15723] Sun Solaris lpadmin Arbitrary File Overwrite Vulnerability
Are you interested in a new job in IT security? Secunia has two open positions as junior and senior specialist in IT security: http://secunia.com/secuniavacancies/...
[ GLSA 200506-08 ] GNU shtool, ocaml-mysql: Insecure temporary file creation
Gentoo Linux Security Advisory GLSA 200506-08 http://security.gentoo.org/ Severity:...
GNU shtool, ocaml-mysql: Insecure temporary file creation
Background: GNU shtool is a compilation of small shell scripts into a single shell tool. The ocaml-mysql package includes the GNU shtool code. Description: Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames (CAN-2005-1751). On closer inspection,...
security flaw
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992...
CVE-2005-1880
Vulnerability summary (CVE-2005-1880) everybuddy versions 0.4.3 and earlier are affected. Local users can overwrite arbitrary files through a symlink attack on a temporary file created by a system call to wget. The PT-2005-2837 entry confirms the affected versions and describes the issue as a sym...
PT-2005-2836 · Lutelwall · Lutelwall
Name of the Vulnerable Software and Affected Versions: LutelWall versions 0.97 and earlier Description: The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. This is a result of a symlink attack vulnerability...
CVE-2005-1846
Multiple directory traversal vulnerabilities in YaMT before 0.52 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options...
CVE-2004-2097
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by...
shtool insecure temporary file creation
shtool insecure temporary file creation Vendor: http://www.gnu.org/software/shtool/ Advisory: http://www.zataz.net/adviso/shtool-05252005.txt Vendor informed: no more vendor Exploit available: yes Impact: low Exploitation: low shtool contain a...
CVE-2004-1894
TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log...
CVE-2004-1894
The CVE-2004-1894 issue concerns TEXutil in ConTEXt. When TEXutil is run with the --silent option, a local user can cause a symlink attack on texutil.log to overwrite arbitrary files. Affected component: TEXutil/ConTEXt. Root cause: symlink handling during silent mode leading to unauthorized file...
CVE-2004-1951
CVE-2004-1951 affects xine 1.x (alpha/beta, 1.0rc through 1.0rc3a) and xine-ui 0.9.21–0.9.23. The vulnerability allows a remote attacker to overwrite arbitrary files via MRL links using the audio.sun_audio_device or dxr3.devicename options. Impact is arbitrary file writes within the permissions o...
CVE-2004-1901
Portage (Gentoo) vulnerability CVE-2004-1901: Portage before 2.0.50-r3 allows a local attacker to overwrite arbitrary files via a hard link attack on the lockfiles. This is a local-privilege issue tied to the lockfile handling. Affected software is Portage; the root cause is the hard link attack ...
CVE-2004-1951
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link...
CVE-2003-1155
X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file...
CVE-2003-1155
X-CD-Roast 0.98 alpha10 through alpha14 is vulnerable to a local symlink attack that allows a local user to overwrite arbitrary files. Affected: X-CD-Roast 0.98 alpha10–alpha14. Root cause: symlink manipulation enabling file overwrite. Impact: as described, enables partial impact to confidentiali...
CVE-2004-1808
The CVE-2004-1808 issue concerns Extcompose in metamail, where the tool does not verify the output file before writing, permitting a local user to overwrite arbitrary files via a symlink attack. Affected component: Extcompose/metamail (exact version not specified in provided documents). Root ca...
CVE-2004-2014
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded...