CVE-2002-1600

Directory traversal vulnerability in Mike Spice's My Classifieds classifieds.cgi before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter...

KDE dcopidlng: Insecure temporary file creation

Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. DCOP is KDE's simple IPC/RPC mechanism. dcopidlng is a DCOP helper script. Description Davide Madrisan has discovered that the dcopidlng script creates temporary files in a world-writable...

RHEL 2.1 / 3 : vim (RHSA-2005:122)

Updated vim packages that fix a security vulnerability are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. VIM Vi IMproved is an updated and improved version of the vi screen-based editor. The Debian Security Audit Project discovered ...

security flaw

The DBI library libdbi-perl for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file...

DEBIAN-CVE-2004-0971

The krb5-send-pr script in the kerberos5 krb5 package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

DEBIAN-CVE-2004-0974

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0972

The lvmcreateinitrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0970

The 1 gzexe, 2 zdiff, and 3 znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...

DEBIAN-CVE-2004-0916

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. dot dot sequences in a filename...

KLA10419 WLF vulnerability in getmail

Unspecified vulnerabilities were found in getmail. By exploiting these vulnerabilities malicious users can overwrite arbitrary files in arbitrary directories. These vulnerabilities can be exploited locally via a symlink attack. Original advisories - Related products getmail CVE list CVE-2004-0881...

CVE-2005-0069

The 1 tcltags or 2 vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files...

DEBIAN-CVE-2004-1179

The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories...

CVE-2004-1382

The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968...

DEBIAN-CVE-2004-2014

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded...

CVE-2004-0564

Roaring Penguin pppoe rp-ppoe, if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...

Mandrake Linux Security Advisory : logcheck (MDKSA-2004:155)

A vulnerability was discovered in the logcheck program by Christian Jaeger. This could potentially lead to a local attacker overwriting files with root privileges. The updated packages have been patched to prevent the problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

Cscope: Insecure creation of temporary files

Background Cscope is a developer utility used to browse and manage source code. Description Cscope creates temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere...

mirrorselect: Insecure temporary file creation

Background mirrorselect is a tool to help select distfiles mirrors for Gentoo. Description Ervin Nemeth discovered that mirrorselect creates temporary files in world-writable directories with predictable names. Impact A local attacker could create symbolic links in the temporary files directory,...

CVE-2004-1110

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file...

PT-2004-1119 · Unarj · Unarj

Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...