CVE-2004-0971

The krb5-send-pr script in the kerberos5 krb5 package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0976

CVE-2004-0976 affects the perl package, notably in Trustix Secure Linux 1.5–2.1 and similar OSes, due to a symlink attack that lets local users overwrite files via temporary files. Root cause is insecure temporary file handling in Perl modules; impact is local with partial integrity impact and no...

CVE-2004-0559

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory...

CVE-2004-0966

CVE-2004-0966 : The GNU gettext package (versions 1.14 and later) contains insecure handling in the autopoint and gettextize scripts that can create or overwrite files via a symlink attack on temporary files. This affects Trustix Secure Linux 1.5–2.1 and other OSs that ship gettext. The vulnerabi...

CVE-2004-0971

The krb5-send-pr script in the kerberos5 krb5 package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0975

The CVE-2004-0975 issue affects the der_chop script in OpenSSL implementations (notably Trustix Secure Linux 1.5–2.1 and other OSes). The vulnerability arises from insecure temporary file handling, enabling a local user to overwrite files via a symlink attack. Documented impact is local privilege...

CVE-2004-0969

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0967

The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0975

The derchop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0976

Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...

GLSA-200410-16 : PostgreSQL: Insecure temporary file use in make_oidjoins_check

The remote host is affected by the vulnerability described in GLSA-200410-16 PostgreSQL: Insecure temporary file use in makeoidjoinscheck The makeoidjoinscheck script insecurely creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create...

PostgreSQL: Insecure temporary file use in make_oidjoins_check

Background PostgreSQL is an open source database based on the POSTGRES database management system. It includes several contributed scripts including the makeoidjoinscheck script. Description The makeoidjoinscheck script insecurely creates temporary files in world-writeable directories with...

unarj -- directory traversal vulnerability

unarj has insufficient checks for filenames that contain ... This can allow an attacker to overwrite arbitrary files with the permissions of the user running unarj...

Mozilla Multiple Products XPInstall Arbitrary File Overwrite

The remote host is using Mozilla and/or Firefox, an alternative web browser. The version of this software is prone to an improper file permission setting. This flaw only exists if the browser is installed by the Mozilla Foundation package management, therefore, this alert might be a false positiv...

CubeCart index.php cat_id Parameter SQL Injection

There is a SQL injection issue in the remote version of CubeCart that could allow an attacker to execute arbitrary SQL statements on the remote host and to potentially overwrite arbitrary files on the remote system, by sending a malformed value to the 'catid' argument of the file 'index.php'...

PostgreSQL make_oidjoins_check Arbitrary File Overwrite

The remote PostgreSQL server, according to its version number, is vulnerable to an unspecified insecure temporary file creation flaw, which may allow a local attacker to overwrite arbitrary files with the privileges of the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

DSA-557-1 pppoe - missing privilegue dropping

Bulletin has no description...

PHP File Upload Vulnerability POC

PHP File Upload Vulnerability POC Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Author: Stefano Di Paola Affected: Php = 5.0.1 Not Affected: Maybe some old Version of Php before 4.2.x Vulnerability Type: Possible write of a downloaded file in an arbitrary location...

Vulnerability in OpenSSL CVE-2004-0975

The derchop script created temporary files insecurely which could allow local users to overwrite files via a symlink attack on temporary files. Note that it is quite unlikely that a user would be using the redundant derchop script, and this script was removed from the OpenSSL distribution...

Debian DSA-053-1 : nedit - insecure temporary file

The nedit Nirvana editor package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text and pass that on to the print system. The temporary file was not created...