GLSA-200412-04 : Perl: Insecure temporary file creation

The remote host is affected by the vulnerability described in GLSA-200412-04 Perl: Insecure temporary file creation Some Perl modules create temporary files in world-writable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory...

CVE-2004-0996

CVE-2004-0996 affects cscope 15-4 and 15-5 where main.c creates temporary files with predictable names, enabling local symlink attacks to overwrite arbitrary files. The issue is a local-security vulnerability arising from insecure temporary file creation. Publicly documented fixes show upgrades t...

CVE-2004-1108

qpkg in Gentoolkit 0.2.0pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory...

CVE-2004-1110

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file...

DSA-603-1 openssl - insecure temporary file

Bulletin has no description...

CVE-2004-0267

The 1 inoregupdate, 2 uniftest, or 3 unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp...

CVE-2004-0279

AIM Sniff aimSniff.pl 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log...

CVE-2004-0256

GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp...

CVE-2004-0256

GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp...

GLSA-200411-29 : unarj: Long filenames buffer overflow and a path traversal vulnerability

The remote host is affected by the vulnerability described in GLSA-200411-29 unarj: Long filenames buffer overflow and a path traversal vulnerability unarj has a bounds checking vulnerability within the handling of long filenames in archives. It also fails to properly sanitize paths when extracti...

Invision Power Board sources/post.php qpid Parameter SQL Injection

The version of Invision Power Board on the remote host suffers from a flaw in 'sources/post.php' that allows injection of SQL commands into the remote SQL database. An attacker may use this flaw to gain control of the remote database and possibly to overwrite files on the remote host. %NASLMINLEV...

CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

CVE-2004-0916

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. dot dot sequences in a filename...

unarj: Long filenames buffer overflow and a path traversal vulnerability

Background unarj is an ARJ archive decompressor. Description unarj has a bounds checking vulnerability within the handling of long filenames in archives. It also fails to properly sanitize paths when extracting an archive if the "x" option is used to preserve paths. Impact An attacker could trigg...

Cscope 13.015.x - Insecure Temporary File Creation (1)

Cscope 13.015.x - Insecure Temporary File Creation 1 source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedl...

Cscope 13.015.x - Insecure Temporary File Creation (2)

Cscope 13.015.x - Insecure Temporary File Creation 2 // source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility...

Cscope 13.0/15.x - Insecure Temporary File Creation (2)

// source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary files in the system's temporar...

Cscope 13.0/15.x - Insecure Temporary File Creation (1)

source: https://www.securityfocus.com/bid/11697/info Cscope creates temporary files in an insecure way. A design error causes the application to fail to verify the presence of a file before writing to it. During execution, the utility reportedly creates temporary files in the system's temporary...

CVE-2004-1027

CVE-2004-1027 describes a directory traversal vulnerability in unarj, exploited via the -x (extract) option to create/write files outside the archive directory when filenames include “..”. The impact documented across connected sources includes potential overwriting of arbitrary files and, in com...