6860 matches found
CVE-2002-2267
bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file...
CVE-2002-1366
Common Unix Printing System CUPS 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream...
CVE-2002-1344
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences...
CVE-2002-1345
Technical details for CVE-2002-1345 are not provided in the supplied connected documents; no explicit affected products, versions, or fixes are available here. Monitor for updates.
Moderate: Red Hat Security Advisory: wget security update
The wget packages shipped with Red Hat Linux Advanced Server 2.1 contain a security bug which, under certain circumstances, can cause local files to be written outside the download directory. Updated 09 Jan 2003: Added fixed packages for the Itanium (IA64) architecture. Updated 06 Feb 2003: Added fix...
CVE-2002-1216
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check...
CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267...
[SECURITY] [DSA 172-1] New tkmail packages fix insecure temporary file creation
Debian Security Advisory DSA 172-1 [email protected] http://www.debian.org/security/ Martin Schulze October 8th, 2002 http://www.debian.org/security/faq -...
DSA-172 tkmail - insecure temporary files
Bulletin has no description...
CVE-2002-0887
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files...
Unauthorized access in OpenVMS POP3 server
It's possible to overwrite a local file by specifying it as a log file...
OpenVMS POP server local vulnerability
Akita Security Advisory 27/09/2002 OpenVMS UCX$POPSERVER.EXE vulnerability Advisory: http://www.akita-security.co.uk/VMS/ucxpopserver.txt VMS security tool http://www.akita-security.co.uk/stoat Overview ======== UCX is the main TCP/IP stack for OpenVMS. Akita Security have discovered a...
Low: Red Hat Security Advisory: Updated unzip and tar packages fix vulnerabilities
The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. Updated Jan 22 2003: Added description of CAN-2002-1216, which was also fixed by these erratum packages. The unzip and tar utilities are used for manipulating archives,...
Mike Spice's Quiz Me! does not adequately validate user input
Overview: Mike Spice's Quiz Me! does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Quiz Me! to overwrite any file on the server to which the web server process has write privileges. Description: Mike Spice's Quiz Me! is a CGI script written in...
Mike Spice's My Calendar does not adequately validate user input
Overview: Mike Spice's My Calendar does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause My Calendar to overwrite any file on the server to which the web server process has write privileges. Description: Mike Spice's My Calendar is a CGI script...
Mike Spice's Vote does not adequately validate user input
Overview: Mike Spice's Vote does not adequately validate user input, allowing directory traversal. As a result, an attacker can cause Vote to overwrite any file on the server to which the web server process has write privileges. Description: Mike Spice's Vote is a CGI script written in Perl and...
Security Issue with Mac OS X
Below is the copy of the email I sent to Apple a week ago (I have dropped them a copy of the mail on their feedback web page, too). Since I haven't heard of them since, I have chosen to make the security issue available to the community. Below the copy of the mail is a short discussion of the...
scrollkeeper.txt
Release date : September 2 2002 Author : Spybreak [email protected] Package : Scrollkeeper Version : 0.3.4, 0.3.11 Severity : Medium to High Vendor homepage : scrollkeeper.sourceforge.net Status : vendor contacted Problem :...