6871 matches found

securityvulns
added 2005/04/16 12:0 a.m., 29 views

Trojan file issue in Musicmatch software

Hyperdose Security Advisory Name: Arbitrary file overwrite in Musicmatch Systems Affected: Musicmatch v10.00.2047 or earlier according to Yahoo v9.00.5059 and earlier are also affected Severity: Moderate Author: Robert Fly - [email protected] Advisory URL:...

7.3 AI score
Exploits: 0
NVD
added 2005/04/14 4:0 a.m., 16 views

CVE-2005-0004

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files...

4.6 CVSS, 6 AI score, 0.00594 EPSS
Exploits: 0, References: 10
Cvelist
added 2005/04/12 4:0 a.m., 22 views

CVE-2005-1066

Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack...

6.3 AI score, 0.00303 EPSS
Exploits: 0, References: 3
CVE
added 2005/04/08 4:0 a.m., 48 views

CVE-2005-0465

CVE-2005-0465 concerns SGI IRIX gr_osview, a setuid-root utility. Local attackers can exploit a privilege-inheritance flaw by using gr_osview -s to open files without dropping privileges, potentially overwriting arbitrary files (e.g., /etc/shadow) when an attacker has a local account and an open ...

2.1 CVSS, 6.4 AI score, 0.00782 EPSS
Exploits: 1, References: 4, Affected Software: 1
securityvulns
added 2005/04/08 12:0 a.m., 40 views

iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview File Overwrite Vulnerability

SGI IRIX gr_osview File Overwrite Vulnerability iDEFENSE Security Advisory 04.07.05 http://www.idefense.com/application/poi/display?type=vulnerabilities April 7, 2005 I. BACKGROUND The gr_osview application is a setuid root application that provides a graphical display of usage of certain types of...

2.1 CVSS, 6.4 AI score, 0.00782 EPSS
Exploits: 1
exploitpack
added 2005/04/07 12:0 a.m., 21 views

SGI IRIX 6.5.22 - GR_OSView Local Arbitrary File Overwrite

SGI IRIX 6.5.22 - GR_OSView Local Arbitrary File Overwrite source: https://www.securityfocus.com/bid/13058/info A local file overwrite vulnerability affects SGI IRIX. This issue is due to a failure of the affected utility to drop privileges prior to carrying out critical functionality. An attacker...

0.2 AI score
Exploits: 0
Exploit DB
added 2005/04/07 12:0 a.m., 32 views

SGI IRIX 6.5.22 - GR_OSView Local Arbitrary File Overwrite

source: https://www.securityfocus.com/bid/13058/info A local file overwrite vulnerability affects SGI IRIX. This issue is due to a failure of the affected utility to drop privileges prior to carrying out critical functionality. An attacker may leverage this issue to cause the affected utility to...

7.4 AI score
Exploits: 0
CVE
added 2005/04/06 4:0 a.m., 41 views

CVE-2005-0991

CVE-2005-0991 concerns IBM AIX 5.1/5.2/5.3 where the RC.BOOT component does not use a secure location for temporary files. The connected documents confirm a local-access vulnerability with an unknown impact, reportedly possibly enabling overwriting of files. The vulnerability details are consiste...

2.1 CVSS, 6.6 AI score, 0.00379 EPSS
Exploits: 0, References: 4
CVE
added 2005/03/29 5:0 a.m., 55 views

CVE-2005-0894

The CVE-2005-0894 issue affects OpenMosixview 1.5 (OpenmosixView) and its OpenMosixcollector daemon. A symlink attack allows local users to overwrite or delete arbitrary files by exploiting insecure temporary file handling in the openmosixcollector directory and in nodes.tmp. Connected advisories...

3.6 CVSS, 6.3 AI score, 0.00361 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2005/03/26 5:0 a.m., 34 views

CVE-2005-0866

cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

6.3 AI score, 0.0031 EPSS
Exploits: 0, References: 2
CVE
added 2005/03/26 5:0 a.m., 50 views

CVE-2005-0866

CVE-2005-0866 affects cdrecord before 4:2.0. When DEBUG is enabled, it allows local users to overwrite arbitrary files via a symlink attack on temporary files. The issue is documented across NVD, Ubuntu, Mandrake advisories, and related CVE entries, which note that an updated package containing a...

2.1 CVSS, 6.4 AI score, 0.0031 EPSS
Exploits: 0, References: 2, Affected Software: 1
UbuntuCve
added 2005/03/25 5:0 a.m., 27 views

CVE-2005-0587

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK link file twice, which overwrites the file that was referenced in the first .LNK file...

6.5 CVSS, 6.1 AI score, 0.01416 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2005/03/25 12:0 a.m., 37 views

GLSA-200503-30 : Mozilla Suite: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-30 Mozilla Suite: Multiple vulnerabilities The following vulnerabilities were found and fixed in the Mozilla Suite: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape...

7.5 CVSS, 6.1 AI score, 0.20398 EPSS
Exploits: 11, References: 19
CVE
added 2005/03/13 5:0 a.m., 37 views

CVE-2002-1600

CVE-2002-1600 describes a directory traversal vulnerability in Mike Spice’s My Classifieds (classifieds.cgi) prior to version 1.3. The flaw enables remote attackers to overwrite arbitrary files via the category parameter, indicating insufficient input validation/sanitization in the CGI handling o...

5 CVSS, 7.2 AI score, 0.03241 EPSS
Exploits: 0, References: 4, Affected Software: 1
UbuntuCve
added 2005/03/08 5:0 a.m., 20 views

CVE-2005-0099

The SDL port of abuse abuse-SDL before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files...

2.1 CVSS, 6 AI score, 0.00362 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2005/03/08 12:0 a.m., 36 views

GLSA-200503-14 : KDE dcopidlng: Insecure temporary file creation

The remote host is affected by the vulnerability described in GLSA-200503-14 KDE dcopidlng: Insecure temporary file creation Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable directory with predictable names. Impact : A local attacker could creat...

2.1 CVSS, 5.5 AI score, 0.00412 EPSS
Exploits: 0, References: 2
NVD
added 2005/03/01 5:0 a.m., 16 views

CVE-2004-1027

Directory traversal vulnerability in the -x extract command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. dot dot sequences...

5 CVSS, 6.7 AI score, 0.02737 EPSS
Exploits: 0, References: 8
Tenable Nessus
added 2005/03/01 12:0 a.m., 23 views

GLSA-200502-32 : UnAce: Buffer overflow and directory traversal vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200502-32 UnAce: Buffer overflow and directory traversal vulnerabilities Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives CAN-2005-0160. He also...

5.1 CVSS, 5.9 AI score, 0.03243 EPSS
Exploits: 0, References: 3
CVE
added 2005/02/28 5:0 a.m., 77 views

CVE-2005-0587

CVE-2005-0587: Firefox versions before 1.0.1 and Mozilla before 1.7.6 are affected. A remote attacker can trick a user into downloading a .LNK file twice, causing arbitrary files referenced by the first link to be overwritten. This stems from how the .LNK files are processed during download. Aff...

6.5 CVSS, 6.3 AI score, 0.01416 EPSS
Exploits: 0, References: 5, Affected Software: 2
Gentoo Linux
added 2005/02/28 12:0 a.m., 37 views

UnAce: Buffer overflow and directory traversal vulnerabilities

Background UnAce is a utility to extract, view and test the contents of an ACE archive. Description Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives CAN-2005-0160. He also found out that UnAce is vulnerable to...

5.1 CVSS, 6.9 AI score, 0.03243 EPSS
Exploits: 0