6860 matches found
mysqlbug tmpfile/symlink vulnerability.
Product: mysqlbug packaged with MySQL. Versions: All Bug: Symlink bug / tmpfile bug. Impact: Attacker's can overwrite arbitrary files. Risk: Low/Medium Date: March 24, 2004 Author: Shaun Colley Email: shaunige yahoo co uk WWW: http://www.nettwerked.co.uk Introduction MySQL is an open-source, fast...
MySQL insecure temporary file creation (mysqlbug)
Shaun Colley reports that the script mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with...
CVE-2004-0283
Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/mailmgr.unsort, 2 /tmp/mailmgr.tmp, or 3 /tmp/mailmgr.sort...
CVE-2004-0279
AIM Sniff aimSniff.pl 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log...
CVE-2004-0267
The 1 inoregupdate, 2 uniftest, or 3 unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp...
CVE-2004-0279
AIM Sniff (aimSniff.pl) 0.9b is affected. A local user can overwrite arbitrary files via a symlink attack on /tmp/AS.log, indicating a local file overwrite vulnerability in this tool. The provided connected documents confirm the affected component and the root cause (symlink leading to /tmp/AS.lo...
CVE-2004-0283
CVE-2004-0283 affects Mailmgr 1.2.3, where local users can overwrite arbitrary files via a symlink attack against /tmp/mailmgr.unsort, /tmp/mailmgr.tmp, or /tmp/mailmgr.sort. The root cause is improper handling of temporary files that allows a local attacker to leverage symlinks to redirect file ...
CVE-2004-0107
The 1 post and 2 trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108...
Metamail 'extcompose' script Symlink Vulnerability
Product: Extcompose included with the common metamail package. http://bmrc.berkeley.edu/trey/emacs/metamail.html Versions: All Bug: Symlink bug / race condition Impact: Attacker's can write to arbitrary files, and in theory, elevate privileges Date: March 11, 2004 Author: Shaun Colley Email:...
[SECURITY] [DSA 460-1] New sysstat packages fix insecure temporary file creation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 460-1 [email protected] http://www.debian.org/security/ Matt Zimmerman March 10th, 2004 http://www.debian.org/security/faq -...
Moderate: Red Hat Security Advisory: sysstat security update
Updated sysstat packages that fix various bugs and security issues are now available. Sysstat is a tool for gathering system statistics. Isag is a utility for graphically displaying these statistics. A bug was found in the Red Hat sysstat package post and trigger scripts, which used insecure...
CVE-2004-1360
Unknown vulnerability in convfix in Sun Solaris 7 through 9, when invoked by convlpd, allows local users to overwrite arbitrary files...
CVE-2003-0924
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files...
Symlink vulnerabilities in mailmgr
--------------------------------------------------------- Title : Symlink vulnerabilities in mailmgr Bug finder : Marco van Berkum [email protected] Website : http://ws.obit.nl URL to mailmgr : http://web.onda.com.br/orso/mailmgr.html Tested version : Mailmgr-1.2.3 Date : 12 Feb 2004...
Multiple tools within the Netpbm package create temporary files in an insecure manner
Overview Multiple tools within the Netpbm package create temporary files in an insecure manner. Description Netpbm is a toolkit that contains over 220 separate tools for manipulating graphic images. Multiple tools within the Netpbm package create temporary files insecurely. --- Impact A local...
DSA-426 netpbm-free - insecure temporary files
Bulletin has no description...
CVE-2004-0059
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. dot dot sequences in the filename parameter of a Content-Disposition: header...
CVE-2004-0064
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory...
wwwfilesharepro.txt
Luigi Auriemma Application: WWW File Share Pro http://www.wfshome.com Versions: From the vendor's website: "WWW File Share Pro is a small HTTP server that can help you share files with your friends. They can download files from your computer or upload files from theirs. Simply specify a directory...
SuSE linux 9.0 YaST config Skribt Local Exploit
Exploit for linux platform in category local exploits =============================================== SuSE linux 9.0 YaST config Skribt Local Exploit =============================================== include include include define PATH "/tmp/tmp.SuSEconfig.gnome-filesystem." define START 1 define E...