Linbert.txt

Vulnerability: Any user can overwrite any file in the system. title=Linberto v1.0.2 Q-Bert clone [email protected] Diego Javier Grigna system=Linux, svgalib [email protected] Grampa Elite Overview: Linberto under default installation creates screenshots under the /tmp directory wh...

CVE-1999-0298

The CVE-1999-0298 issue affects ypbind when the -ypset and -ypsetme options are activated in Linux Slackware and SunOS. The underlying vulnerability is a directory traversal attack (".." path) that allows overwriting files. Reported impact includes local and remote attackers able to modify files....

CVE-1999-1177

Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. dot dot in the pathname for an upload operation...

FreeBSD 3.3 - gdc Symlink

FreeBSD 3.3 - gdc Symlink source: https://www.securityfocus.com/bid/835/info It is possible to write debug ouput from gdc to a file /var/tmp/gdbdump. Unfortunately, gdc follows symbolic links which can be created in tmp and will overwrite any file on the system thanks to it being setiud root. Thi...

HP HP-UX 10.2011.0 IBM AIX 4.3 SCO Unixware 7.0 Sun Solaris 2.6 - Change File Permission

HP HP-UX 10.2011.0 IBM AIX 4.3 SCO Unixware 7.0 Sun Solaris 2.6 - Change File Permission source: https://www.securityfocus.com/bid/131/info Due to improper checking of ownership, the dtappgather utility shipped with the Common Desktop Environment allows arbitrary users to overwrite any file prese...

Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities

Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities // source: https://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files...

SCOUNIX_shadow_exploit.txt

Greetings, Any user may overwrite any file with group auth i.e. /etc/shadow, /etc/passwd using /etc/sysadm.d/bin/userOsa. Note that this will not change the permissions of the file or allow for the user to input a passwd entry string into these files, it will simply clobber the contents of the fi...

SCO Open Server 5.0.5 - userOsa Symlink

SCO Open Server 5.0.5 - userOsa Symlink source: https://www.securityfocus.com/bid/701/info Under certain versions of SCO OpenServer there exists a symlink vulnerability which can be exploited to overwrite any file which is group writable by the 'auth' group. The problem in particular is in the th...

SCO Open Server 5.0.5 - 'userOsa' Symlink

source: https://www.securityfocus.com/bid/701/info Under certain versions of SCO OpenServer there exists a symlink vulnerability which can be exploited to overwrite any file which is group writable by the 'auth' group. The problem in particular is in the the /etc/sysadm.d/bin/userOsa executable...

CVE-1999-0133

fmfls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access...

CVE-1999-0190

The connected documents confirm CVE-1999-0190 affects Solaris rpcbind, where the vulnerable component (rpcbind) can be exploited to overwrite arbitrary files and gain root access. The materials do not provide version details, exploit vectors, or remediation steps. There is no information on explo...

CVE-1999-0424

The CVE-1999-0424 entry concerns Netscape 4.5’s talkback feature, allowing a local user to overwrite arbitrary files of another user when Netscape crashes. Affected software: Netscape 4.5; Vulnerable component/behavior: talkback causing local file overwrite after crash. Impact: partial confidenti...

CVE-1999-0320

CVE-1999-0320 affects SunOS where the rpc.cmsd service is able to overwrite arbitrary files, enabling an attacker to obtain root access. The vulnerability is described as a remote, unauthenticated issue with high impact (COMPLETE confidentiality, integrity, and availability impacts) and a CVSS v2...

CVE-1999-0424

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes...

CVE-1999-0164

CVE-1999-0164 involves a race condition in the Solaris ps command that can allow an attacker to overwrite critical files. The available documents identify the affected component as the Solaris ps utility and describe the root cause as a race condition, with the impact stated as potential modifica...

CVE-1999-0132

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access...

CVE-1999-0191

IIS newdsn.exe CGI script allows remote users to overwrite files...

CVE-1999-0049

Csetup under IRIX allows arbitrary file creation or overwriting...

CVE-1999-0132

CVE-1999-0132 describes a local privilege escalation in Expreserve used by vi and ex, where local users can overwrite arbitrary files and gain root access. The connected documents confirm the affected components (vi/ex and Expreserve) and the outcome, but do not provide the underlying root cause ...

CVE-1999-0320

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files...