6871 matches found
CVE-2005-0161
CVE-2005-0161 concerns unace 1.2b, with confirmed issues in multiple advisories. The vulnerability allows directory traversal via ACE archives containing sequences such as "../" or absolute pathnames, potentially enabling overwriting arbitrary files. Some sources also describe buffer overflows du...
Overwrite arbitrary files downloading .lnk twice — Mozilla
If a Windows user can be convinced to download a .lnk file twice to the same location, an attacker can overwrite (essentially delete) arbitrary files on the user's machine: the file referenced by the first .lnk will be overwritten by the second download rather than replacing the .lnk itself. On some...
CVE-2005-0161
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames...
CVE-2005-0161
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames...
DEBIAN-CVE-2005-0161
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames...
xfinder-ds.pl
HEADER: OSX Finder DS_Store arbitrary file overwrite vulnerability. CONTACT: vade79 - [email protected] fakehalo/realhalo CATEGORY: Local with user intervention. IMPACT: Privilege escalation. REFERENCE: http://fakehalo.us/xfinder-ds.pl BACKGROUND: The Finder is the application that Mac OS X and earli...
CVE-2004-1487
CVE-2004-1487 affects wget 1.8.x and 1.9.x, where a remote server can cause overwriting of local files via a redirect URL containing ".." that resolves to the attacker’s IP, bypassing wget’s ".." filtering. Connected docs confirm this as a vulnerability in redirection URL handling and indicate up...
CVE-2005-0159
The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2004-1487
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences...
CVE-2004-1487
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences...
GLSA-200501-24 : tnftp: Arbitrary file overwriting
The remote host is affected by the vulnerability described in GLSA-200501-24 (tnftp: Arbitrary file overwriting). The 'mget' function in cmds.c lacks validation of the filenames that are supplied by the server. Impact: An attacker running an FTP server could supply clients with malicious filenames,...
CVE-2004-0851
CVE-2004-0851 affects Net-Acct before version 0.71, where write_list and dump_curr_list could allow local users to overwrite arbitrary files via insecure temporary file handling (symlink attack). Mitigation: Debian fixed in DSA-559-1, upgrading net-acct to 0.71-5woody1 (and 0.71-7 for sid) is rec...
CVE-2004-0851
The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allow local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2005-0342
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file...
CVE-2005-0304
CVE-2005-0304 describes a directory traversal in DivX Player 2.6 and earlier. A specially crafted ZIP file containing a skin allows a remote attacker to overwrite arbitrary files by using a .. in a filename, enabling possible partial availability impact as reflected in the CVSS score. The records...
Mandrake Linux Security Advisory : perl-DBI (MDKSA-2005:030)
Javier Fernandez-Sanguino Pena discovered the perl5 DBI library created a temporary PID file in an insecure manner, which could be exploited by a malicious user to overwrite arbitrary files owned by the user executing the parts of the library. The updated packages have been patched to prevent thes...
CVE-2004-0967
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0974
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0966
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0966
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...