
1462 matches found

OSV
added 2007/02/01 10:28 p.m. | 1 view

DEBIAN-CVE-2007-0657

Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command...

7.5 CVSS | 6.9 AI score | 0.012 EPSS
Exploits: 0 | References: 1
NVD
added 2007/01/24 1:28 a.m. | 21 views

CVE-2007-0469

The extractfiles function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...

9.3 CVSS | 7.6 AI score | 0.06589 EPSS
Exploits: 0 | References: 6
OSV
added 2007/01/17 12:28 a.m. | 3 views

CVE-2006-6939

GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the opensbuf function...

6.5 AI score
Exploits: 0 | References: 13
Cvelist
added 2007/01/11 8:0 p.m. | 26 views

CVE-2007-0166

The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink...

6.2 AI score | 0.00053 EPSS
Exploits: 1 | References: 5
Prion
added 2007/01/10 12:28 a.m. | 10 views

Directory traversal

Directory traversal vulnerability in the GeoIPupdatedatabasegeneral function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to...

6.4 CVSS | 6.8 AI score | 0.02011 EPSS
Exploits: 0 | References: 10 | Affected Software: 1
UbuntuCve
added 2007/01/10 12:28 a.m. | 29 views

CVE-2007-0159

Directory traversal vulnerability in the GeoIPupdatedatabasegeneral function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to...

6.4 CVSS | 5.9 AI score | 0.02011 EPSS
Exploits: 0 | References: 2
Prion
added 2007/01/08 8:28 p.m. | 14 views

Design/Logic Flaw

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server...

10 CVSS | 7.3 AI score | 0.00952 EPSS
Exploits: 0 | References: 2
Cvelist
added 2007/01/08 8:0 p.m. | 18 views

CVE-2007-0100

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server...

6.8 AI score | 0.00952 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2006/11/24 6:7 p.m. | 25 views

CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extractarchive function in extract.c and extractmangle function in...

4 CVSS | 7.2 AI score | 0.10442 EPSS
Exploits: 1 | References: 2
Exploit DB
added 2006/11/21 12:0 a.m. | 22 views

GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal

Source: https://www.securityfocus.com/bid/21235/info
GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the application processes malicious archives. A successful...

7 AI score
Exploits: 0
exploitpack
added 2006/11/21 12:0 a.m. | 12 views

GNU Tar 1.1x - GNUTYPE_NAMES Directory Traversal

Source: https://www.securityfocus.com/bid/21235/info
GNU Tar is prone to a vulnerability that may allow an attacker to place files and overwrite files in arbitrary locations on a vulnerable computer. These issues present themselves when the...

Exploits: 0
OSV
added 2006/11/04 1:7 a.m. | 1 view

DEBIAN-CVE-2006-5705

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request...

6 CVSS | 7 AI score | 0.04873 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2006/10/14 12:0 a.m. | 18 views

Debian DSA-999-1 : lurker - several vulnerabilities

Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2006-1062 Lurker's mechanism for specifying configuration files was...

5 CVSS | 5.7 AI score | 0.00986 EPSS
Exploits: 0 | References: 7
Cvelist
added 2006/09/27 1:0 a.m. | 16 views

CVE-2006-5002

Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 invscoutClientVPDSurvey allows attackers to overwrite arbitrary files via unspecified vectors...

6.4 AI score | 0.00596 EPSS
Exploits: 0 | References: 8
Debian CVE
added 2006/08/24 8:0 p.m. | 29 views

CVE-2006-4346

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...

7.5 CVSS | 6.9 AI score | 0.02329 EPSS
Exploits: 0
Cvelist
added 2006/08/18 7:55 p.m. | 17 views

CVE-2006-4233

Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and...

5.8 AI score | 0.00044 EPSS
Exploits: 1 | References: 5
Cvelist
added 2006/08/17 1:0 a.m. | 21 views

CVE-2006-3859

IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trltracefileset functions, and the (3) "SET DEBUG FILE" commands...

6.2 AI score | 0.00361 EPSS
Exploits: 1 | References: 5
CVE
added 2006/06/24 1:0 a.m. | 43 views

CVE-2006-3207

CVE-2006-3207: Affected product is Ultimate PHP Board (UPB)

5 CVSS | 7.2 AI score | 0.00276 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2006/06/23 12:2 a.m. | 9 views

CVE-2006-3178

Directory traversal vulnerability in extractchmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename...

5 CVSS | 6.6 AI score | 0.02096 EPSS
Exploits: 0 | References: 9
NVD
added 2006/04/18 8:2 p.m. | 16 views

CVE-2006-1753

A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file...

3.6 CVSS | 6.1 AI score | 0.00064 EPSS
Exploits: 0 | References: 4