CVE-2003-0022
Removed by vendor...
CVE-2004-0108
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107...
CVE-1999-1486
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack...
CVE-2004-0256
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp...
CVE-2003-0021
The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence...
CVE-2003-0021
The CVE-2003-0021 issue affects Eterm 0.9.1 and earlier, where the terminal’s screen-dump feature can be abused by a crafted escape sequence to overwrite arbitrary files when echoed to a user’s terminal (e.g., when viewing a file containing the sequence). The root cause is a vulnerability in ho...
MySQL: Insecure temporary file creation in mysqlhotcopy
Background: MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description: Jeroen van Wolffelaar discovered that the MySQL database hot copy utility mysqlhotcopy.sh, when using the scp method, uses temporary files with predictable names. A malicious local user with writ...
GLSA-200408-13 : kdebase, kdelibs: Multiple security issues
The remote host is affected by the vulnerability described in GLSA-200408-13 (kdebase, kdelibs: Multiple security issues). KDE contains three security issues: insecure handling of temporary files when running KDE applications outside of the KDE environment; DCOPServer creates temporary files in an...
GLSA-200405-05 : Utempter symlink vulnerability
The remote host is affected by the vulnerability described in GLSA-200405-05 (Utempter symlink vulnerability). Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack. Impact: This vulnerability may allow arbitrary files to be overwritten with...
GLSA-200405-11 : KDE URI Handler Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200405-11 (KDE URI Handler Vulnerabilities). The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' at the beginning of the hostname passed. By crafting a malicious URI and enticing a user to click on it, it is...
Mandrake Linux Security Advisory : shorewall (MDKSA-2004:080)
The shorewall package has a vulnerability when creating temporary files and directories, which could allow non-root users to overwrite arbitrary files on the system. The updated packages are patched to fix the problem. As well, for Mandrakelinux 10.0, the updated packages have been fixed to start...
PHP Topsites 'counter.php' Arbitrary File Overwrite
Binary data 1533.prm...
Samba < 2.2.8 Fragment Reassembly Overflow / Arbitrary File Overwrite
Binary data 1339.prm...
scp < 2.1 Traversal File Create/Overwrite
Binary data 1970.prm...
Mozilla Predictable Temporary File Symbolic Link Arbitrary File Overwrite (deprecated)
Binary data 1309.prm...
CVE-2004-0457
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2003-0193
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names "word$$.html"...
CVE-2004-0233
Utempter allows device names that contain ".." (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files...
DEBIAN-CVE-2004-0175
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992...