CVE-1999-0277

CVE-1999-0277 concerns the WorkMan program, where the vulnerability allows an attacker to overwrite arbitrary files, potentially gaining root access. The connected documents consistently describe the issue as an ability to overwrite files to escalate privileges to root. Specific affected versions...

"mirror" directory traversal

mirror is a Perl script which is widely used for making copy of remote FTP site. It's included in FreeBSD packages. There are security holes, which allows overwrite local files from remote ftp site with permissions of the user who uses mirror. Then retrieving directory listing mirror doesn't chec...

Sendmail RCPT TO Command Arbitrary File Overwrite

The remote SMTP server did not complain when issued the command : MAIL FROM: root@thishost RCPT TO: /tmp/nessustest This probably means that it is possible to send mail directly to files, which is a serious threat, since this allows anyone to overwrite any file on the remote server. This security...

Sendmail decode Alias Arbitrary File Overwrite

The remote SMTP server seems to pipe mail sent to the 'decode' alias to a program. There have been in the past a lot of security problems regarding this, as it would allow an attacker to overwrite arbitrary files on the remote server. We suggest you deactivate this alias. C Tenable Network...

Microsoft Internet Explorer 5 - ActiveX Object For Constructing Type Libraries For Scriptlets File Write

Microsoft Internet Explorer 5 - ActiveX Object For Constructing Type Libraries For Scriptlets File Write Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 ActiveX "Object for constructing type libraries for scriptlets" Vulnerability source:...

Microsoft Internet Explorer 5 - ActiveX Object For Constructing Type Libraries For Scriptlets File Write

Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 ActiveX "Object for constructing type libraries for scriptlets" Vulnerability source: https://www.securityfocus.com/bid/598/info The 'scriptlet.typlib' ActiveX control can create, edit, and overwrite files on the local disk...

CVE-1999-1565

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...

lynxtmp.txt

Date: Tue, 9 Feb 1999 20:57:30 -0500 From: Juan Diego Bolanos To: [email protected] Subject: Lynx /tmp problem Hi Aleph, please filter this if already posted.... ------ Hello.... I have found a bug in Lynx all versions, except the latest stable release... lynx create temporary files in /tmp in...

wide-dhcp.txt

http://www.rootshell.com/ From [email protected] Fri Jul 17 12:47:17 1998 Date: Fri, 17 Jul 1998 19:52:31 +0700 NOVST From: Oleg Safiullin To: [email protected] Subject: wide-dhcp security hole Bug found in OpenBSD port of wide-dhcp /created by me :-/. WIDE DHCP server creates...

svga.textmode.1.8.txt

Date: Tue, 26 Oct 1999 19:14:50 +0300 From: [email protected] To: [email protected] Subject: svgatextmode hello, I sent on bugtraq the bug with savetextmode. I thought that it belonged to SVGATextMode, but it is included in svgalib. So the threat is bigger... Please update your page...

website.pro.txt

Date: Tue, 16 Feb 1999 17:45:09 -0600 From: Christian Antkow To: [email protected] Subject: Website Pro v2.0 NT Configuration Issues As some of you might be aware, our website www.idsoftware.com was hacked this morning using the "out-of-the-box" features of Website Pro 2.0. The perpetrator use...

solaris7.ff.core.txt

Date: Wed, 7 Apr 1999 22:11:03 -0700 From: Russell Van Tassell To: [email protected] Subject: Solaris7 and ff.core Forgive me as I just started playing with Solaris 7 and don't recall seeing this yet posted to Bugtraq. It would appear as though an old bug with the OpenWeirdos File Mangler has...

xtvscreen.suse6.txt

Date: Thu, 18 Feb 1999 15:54:24 +0000 From: Andre Cruz To: [email protected] Subject: xtvscreen and suse 6 You can use xtvscreen to overwrite any file on the system. Xtvscreen has a function to capture a snapshot and will write it as pic000.pnm, pic001.pnm, etc in it's working directory. It...

CVE-1999-0676

sdtcmconvert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack...

CVE-1999-0730

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack...

Caldera kdenetwork 1.1.1-1 / Caldera OpenLinux 1.3/2.2 / KDE KDE 1.1/1.1. / RedHat Linux 6.0 - K-Mail File Creation

// source: https://www.securityfocus.com/bid/300/info KMail is a mail user agent that comes with the kdenetwork package, part of the K Desktop Environment. A vulnerability in the way KMail creates temporary files to save attachments may allow malicious users to overwrite any file that user runnin...

IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation

soure: https://www.securityfocus.com/bid/287/info IBM's eNetwork Firewall for AIX contains a number of vulnerability in scripts which manipulate files insecurely. When fwlsuser script is run it creates a temporary file called /tmp/fwlsuser.PID where PID is the process ID of the command being run...

CVE-1999-0424

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes...

CVE-1999-1495

xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file...

PT-1999-1058 · Lynx · Lynx

Name of the Vulnerable Software and Affected Versions: Lynx affected versions not specified Description: The issue allows a local user to overwrite sensitive files through /tmp symlinks, potentially leading to security breaches. Recommendations: At the moment, there is no information about a newe...