CVE-2005-3137

The 1 cfmailfilter and 2 cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960...

cfengine -- arbitrary file overwriting vulnerability

A Debian Security Advisory reports: Javier Fernández-Sanguino Peña discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine,...

security flaw

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded...

DEBIAN-CVE-2005-3011

The sortoffline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files...

security flaw

cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack...

CVE-2005-1915

The log4shreadProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames...

CVE-2005-1915

The log4shreadProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames...

CVE-2005-1856

The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack...

CVE-2005-2670

Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in 1 ACE, 2 ARJ, 3 CAB, 4 LZH, 5 RAR, 6 TAR and 7 ZIP files...

CVE-2005-2371

Directory traversal vulnerability in Oracle Reports Services (Oracle Application Server) allows remote attackers to overwrite arbitrary files via the desname parameter (e.g., using .., Windows drive letters, or absolute paths). Affected: Oracle Reports 6.0, 6i, 9i, 10g. Root cause: insufficient v...

CVE-2005-2371

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via 1 "..", 2 Windows drive letter C:, and 3 absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case ...

CVE-2005-2300

Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skypeprofile.jpg temporary file...

CVE-2002-2001

jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack...

CVE-2002-2050

CVE-2002-2050 affects the ModLogAn processor_web plugin (versions 0.5.0 through 0.7.11) where the splitby option enables a directory traversal via a .. in the hostname of a log entry. This can allow local users to overwrite arbitrary files. The available references do not provide exploit details,...

CVE-2005-2231

High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files...

DEBIAN-CVE-2005-2231

High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2005-2180

Removed by vendor...

GNU GNATS 4.0/4.1 - Gen-Index Arbitrary Local File Disclosure/Overwrite

source: https://www.securityfocus.com/bid/14169/info GNU GNATS gen-index allows local attackers to disclose and overwrite arbitrary files. A successful attack can result in privilege escalation and a complete compromise of the affected computer as gen-index is installed with setuid permissions. G...

CVE-2002-1890

rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file...

CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...