1463 matches found
CVE-2008-4947
dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file...
DEBIAN-CVE-2008-4908
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file...
CVE-2008-4749
Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method...
CVE-2008-4639
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...
CVE-2008-4583
Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method...
CVE-2008-4501
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command...
CVE-2008-4477
Removed by vendor...
CVE-2008-4476
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympaaliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability...
CVE-2008-4475
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files...
Code injection
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files...
Apache Tomcat's default security policy is too open
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
Gentoo Security Advisory GLSA 200411-15 (OpenSSL)
The remote host is missing updates announced in advisory GLSA 200411-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200510-01 (gtkdiskfree)
The remote host is missing updates announced in advisory GLSA 200510-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200711-32 (feynmf)
The remote host is missing updates announced in advisory GLSA 200711-32. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200508-19 (lm_sensors)
The remote host is missing updates announced in advisory GLSA 200508-19. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200611-23 (mono)
The remote host is missing updates announced in advisory GLSA 200611-23. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200410-02 (Netpbm)
The remote host is missing updates announced in advisory GLSA 200410-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Directory traversal
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directo...
Design/Logic Flaw
migratealiases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file...