6860 matches found
CVE-2000-0728
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack...
CVE-2000-0715
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file...
CVE-2000-0702
The net.init rc script in HP-UX 11.00 S008net.init allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file...
CVE-2000-0533
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files...
CVE-2000-0728
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack...
CVE-2000-0566
The CVE-2000-0566 issue concerns the makewhatis script in the Linux man package. The attached documents confirm a local-privilege escalation/vector: makewhatis creates files in /tmp with predictable names and can be exploited via symlink attacks to overwrite arbitrary files or gain elevated privi...
CVE-2000-0533
Technical details about CVE-2000-0533 (SGI IRIX WorkShop cvconnect) are not publicly provided in the supplied documents. Monitor for updates from official sources.
CVE-2000-0566
makewhatis in Linux man package allows local users to overwrite files via a symlink attack...
CVE-2000-0530
The CVE-2000-0530 entry describes a vulnerability in KDE 1.1.2 where the KApplication-class creates configuration files without proper ownership checks or existence verification. The result is a local privilege-attack risk: a local user can exploit a symlink/ownership flaw to overwrite arbitrary ...
CVE-2000-0530
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files...
CVE-2000-0728
CVE-2000-0728 affects the xpdf PDF viewer client prior to 0.91. The issue is a local file overwrite via a symlink attack, enabling a local user to overwrite arbitrary files. The connected documents do not provide explicit exploit details, mitigations, or patched versions beyond this description. ...
FreeBSD-SA-00:55.xpdf
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:55 Security Advisory FreeBSD, Inc. Topic: xpdf contains multiple vulnerabilities Category: ports Module: xpdf Announced: 2000-10-13 Credits: Unknown Affects: Ports...
MDKSA-2000:057 - openssh update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linux-Mandrake Security Update Advisory Package name: openssh Date: October 10th, 2000 Advisory ID: MDKSA-2000:057 Affected versions: 7.0, 7.1 Problem Description: A problem exists with openssh's scp program. If a user uses scp to move files from a...
Дырка в GNOrpm
Некорректная работа с временными файлами позволяет переписать любой файл...
scp.hole.txt
This issue appears quite often - tar suffers from problem of this kind as well using cute symlink tricks, you can create an archive, which, when unpacked, can overwrite or create specific files anywhere in your filesystem. This time, similar scp vulnerability has been found and acknowledged in ss...
OpenSSH 1.2 - '.scp' File Create/Overwrite
source: https://www.securityfocus.com/bid/1742/info A vulnerability exists in the 1.2.x releases of scp which, if properly exploited using a modified scp binary on the server end, can permit the remote server to spoof local pathnames and overwrite files belonging to the local user. For example,...
ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Hi, ld.so from glibc2 doesn't unset variables LDDEBUGOUTPUT and LDDEBUG when running suid. If program calls setuid0 and then fork, child process will follow prepared symlink $LDDEBUGOUTPUT.$pid and overwrites any file in system. Jakub Vlasek...
CVE-2000-0724
CVE-2000-0724 involves the go-gnome Helix GNOME pre-installer. The vulnerability arises from a symlink attack in /tmp that lets local users overwrite arbitrary files, including uudecode, snarf, and some installer files. The described impact is complete confidentiality, integrity, and availability...
CVE-2000-0724
The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files...
Дырка в keydebugd в True64 Unix
ПРотокол позволяет перезаписать любой файл неавторизованным пользователем с привилегией root...