MDKSA-2000:041 - xpdf update

Linux-Mandrake Security Update Advisory Package name: xpdf Date: August 29th, 2000 Advisory ID: MDKSA-2000:041 Affected versions: 6.0, 6.1, 7.0, 7.1 Problem Description: There is a potential race condation when using tmpnam and fopen in xpdf versions prior to 0.91. This exploit can be only used a...

CVE-2000-0614

Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output...

CVE-2000-0614

The CVE-2000-0614 entry concerns the TNEF program on Linux systems, where remote attackers can overwrite arbitrary files by sending TNEF-encoded compressed attachments that specify absolute paths for decompressed output. The NVD metrics indicate high severity with network attack vector, no authen...

Multiple bugs in Alibaba 2.0

Application: Alibaba 2.0 Problem Type: Multiple Problems3 Author: [email protected] Platforms: Windows 95/98/NT Vendor Status: Not Informed Vendor Website: http://csm.alcyonis.fr Product Description ------------------- Alibaba is a fully functional http server for windows 95/98/NT. It...

alibaba.txt

Application: Alibaba 2.0 Problem Type: Multiple Problems3 Author: Prizm Platforms: Windows 95/98/NT Vendor Status: Not Informed Vendor Website: http://csm.alcyonis.fr Product Description ------------------- Alibaba is a fully functional http server for windows 95/98/NT. It supports cgi among many...

CVE-2000-0387

CVE-2000-0387 affects the FreeBSD ports golddig makelev program, where local users can overwrite arbitrary files. The vulnerability is a local issue with partial integrity impact and a low base score (2.1). The available documents do not provide exploitation details, affected versions beyond the ...

CVE-2000-0409

CVE-2000-0409 affects Netscape 4.73 and earlier. When importing a new certificate, Netscape follows symlinks, allowing a local user to overwrite files owned by the user importing the certificate. The available documents state the issue and the affected behavior but do not specify exact vulnerable...

CVE-2000-0387

The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files...

Дырка в Apache::ASP

Один из файлов с примерами ./site/eg/source.asp позволяет перезаписать файл в локальной директории...

CVE-2000-0614

Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output...

Дырка в IRIX Workshop

Утилита cvconnect позволяет переписать любой файл в системе...

IRIX WorkShop cvconnect(1M) Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Silicon Graphics Inc. Security Advisory Title: IRIX WorkShop cvconnect1M Vulnerability Number: 20000601-01-P Date: June 20, 2000 Silicon Graphics provides this information freely to the SGI user community for its consideration, interpretation, implementation and...

HP Security vulnerability in the man command

Systems Affected: HPUX 10.20 and 11.00 and probably other revs. Short Description: The 'man' command potentially allows attackers to overwrite any arbitrary file on the system via symlink bugs. I notified HP on 5-8-2000 and I've been told that a patch is forthcoming soon. No HP advisory has come...

CVE-2000-0468

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack...

HP-UX 10.2011.0 - man tmp Symlink

HP-UX 10.2011.0 - man tmp Symlink source: https://www.securityfocus.com/bid/1302/info The programmers of the 'man' command on various HPUX releases have made several fatal mistakes that allow an attacker to trivially set a trap that could result in any arbitrary file being overwritten on the syst...

HP-UX 10.20/11.0 - man '/tmp' Symlink

source: https://www.securityfocus.com/bid/1302/info The programmers of the 'man' command on various HPUX releases have made several fatal mistakes that allow an attacker to trivially set a trap that could result in any arbitrary file being overwritten on the system when root runs the 'man' comman...

CVE-2000-0530

The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files...

Проблема символьных линков в Netscape

При создании временого файла с предсказуемым именем для хранения сертификата сервера не проверяется наличие символьного линка. Таким образом может быть перезаписан файл принадлежащий пользователю...

CVE-2000-0387

The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files...

CVE-1999-0676

sdtcmconvert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack...