Lucene search

1462 matches found

Cvelist
added 2001/11/22 5:0 a.m., 13 views

CVE-2001-0842

Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie...

6.9 AI score, 0.01958 EPSS
Exploits: 0, References: 3

CVE
added 2001/11/22 5:0 a.m., 34 views

CVE-2001-0842

The CVE-2001-0842 entry describes a directory traversal in Search.cgi on Leoboard LB5000/LB5000II (version 1029 and earlier). The vulnerability occurs via .. sequences in the amembernamecookie cookie, enabling remote attackers to overwrite files and gain privileges. Affected component: Sea...

7.5 CVSS, 7.3 AI score, 0.01958 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2001/10/18 4:0 a.m., 17 views

CVE-2001-0736

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack...

2.1 CVSS, 6.3 AI score, 0.00174 EPSS
Exploits: 0, References: 5

NVD
added 2001/10/18 4:0 a.m., 13 views

CVE-2001-0774

Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possibly gain privileges via a symbolic link attack on temporary files...

4.6 CVSS, 6.6 AI score, 0.00115 EPSS
Exploits: 0, References: 6

CVE
added 2001/10/12 4:0 a.m., 40 views

CVE-2001-0744

Summary: CVE-2001-0744 affects Horde IMP 2.2.4 and earlier. The vulnerability arises from a symlink attack on a temporary file that allows local users to overwrite files. The impact is limited to local integrity (partial) with no confidentiality or availability impact stated, according to the pro...

2.1 CVSS, 6.6 AI score, 0.00089 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2001/09/12 4:0 a.m., 39 views

CVE-1999-1210

Affected software: xterm on Digital UNIX 4.0B with patch kit 5. The vulnerability arises from a symlink attack on a core-dump file created when xterm is invoked with DISPLAY set to an inaccessible display. Local attackers can use this to overwrite arbitrary files. The description does not provide...

7.2 CVSS, 7.1 AI score, 0.00038 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2001/09/12 4:0 a.m., 14 views

CVE-1999-1036

COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) resdiff, (2) ca.src, and (3) mail.chk...

6.5 AI score, 0.0006 EPSS
Exploits: 0, References: 1

CVE
added 2001/09/12 4:0 a.m., 47 views

CVE-1999-1299

CVE-1999-1299 concerns rcp on various Linux systems, including Red Hat 4.0. Root cause: UID 65535 is interpreted as -1 by chown and related system calls, causing ownership changes to fail and potentially allowing a nobody or UID 65535 user to overwrite arbitrary files. Impact: writable/overwritable files...

10 CVSS, 7.4 AI score, 0.00483 EPSS
Exploits: 0, References: 1, Affected Software: 2

Packet Storm
added 2001/08/28 12:0 a.m., 22 views

patchadd.pl

Here is an exploit to an old bug for patchadd in Solaris. It exploits a symlink vulnerability to clobber files with output from patchadd. This was written and tested on Solaris 2.8 Sparc with the current patch cluster applied. -- Larry http://vapid.dhs.org:8080 !/usr/local/bin/perl Exploit for...

7.4 AI score
Exploits: 0

securityvulns
added 2001/08/28 12:0 a.m., 36 views

Dangerous temp file creation during installation of Netscape 6.

During installation of Netscape 6.01a for Solaris 2.7/8 Sparc, I noticed the file /tmp/admin.3842 was created with mode 644. As you already know if this package is installed by root in multiuser mode a malicious user could use this to overwrite system files etc.. Here is the dangerous code: grep...

0.4 AI score
Exploits: 0

NVD
added 2001/08/22 4:0 a.m., 8 views

CVE-2001-0556

The Nirvana Editor NEdit 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file...

7.2 CVSS, 6.2 AI score, 0.00047 EPSS
Exploits: 1, References: 7

CERT
added 2001/08/21 12:0 a.m., 24 views

Aladdin Ghostscript creates insecure temporary files allowing a local user to create symbolic links to other files

Overview: Aladdin Ghostscript, a previewer for PostScript files, creates temporary files with predictable names. The creation allows attackers to use symbolic links to overwrite other files on the host. Description: Aladdin Ghostscript is a previewer for PostScript files. It creates temporary fil...

3.7 CVSS, 6.4 AI score, 0.00077 EPSS
Exploits: 0, References: 8

Cvelist
added 2001/07/27 4:0 a.m., 14 views

CVE-2001-0556

The Nirvana Editor NEdit 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file...

6.1 AI score, 0.00047 EPSS
Exploits: 1, References: 7

CVE
added 2001/05/24 4:0 a.m., 50 views

CVE-2001-0417

The CVE-2001-0417 entry concerns Kerberos 4 (krb4) where local users can overwrite arbitrary files via a symlink attack on new ticket files. The connected records corroborate a local-privilege impact vector with a partial integrity impact, and a low overall CVSS score (2.1/10, AV:L/AC:L/Au:N/I:P/...

2.1 CVSS, 6.8 AI score, 0.00112 EPSS
Exploits: 1, References: 2, Affected Software: 2

CVE
added 2001/05/07 4:0 a.m., 65 views

CVE-2001-0117

CVE-2001-0117 concerns diffutils’ sdiff 2.7, where sdiff creates temporary files insecurely, enabling a local user to overwrite files via a symlink attack. The issue affects diffutils in affected distributions (e.g., Red Hat advisories note a temporary-file handling vulnerability in sdiff). Explo...

1.2 CVSS, 6.2 AI score, 0.00124 EPSS
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2001/05/07 4:0 a.m., 52 views

CVE-2001-0222

CVE-2001-0222 affects Webmin 0.84 and earlier. The vulnerability is a local file overwrite via a symlink attack, enabling local users to create or overwrite arbitrary files on the system. The available sources (NVD/CVE listing and Nessus plugin linking CVE-2001-0222 with Webmin 0.85+ family) con...

1.2 CVSS, 6.4 AI score, 0.00071 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2001/05/07 4:0 a.m., 23 views

CVE-2001-0140

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations...

6.3 AI score, 0.00068 EPSS
Exploits: 0, References: 4

CVE
added 2001/05/07 4:0 a.m., 54 views

CVE-2001-0118

CVE-2001-0118 affects rdist 6.1.5 and describes a local vulnerability where an attacker can overwrite arbitrary files via a symlink attack. The connected documents corroborate the issue as a local symlink-based overwrite vulnerability. No specific remediation, affected versions beyond 6.1.5, expl...

1.2 CVSS, 6.8 AI score, 0.00068 EPSS
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2001/05/07 4:0 a.m., 44 views

CVE-2001-0059

CVE-2001-0059: Solaris’s patchadd is vulnerable to a local symlink attack that allows a local user to overwrite arbitrary files. This affects the patchadd utility used on Solaris, with a CVSSv2 base score of 6.2 (MEDIUM) and an impact of Confidentiality=Complete, Integrity=Complete, Availability...

6.2 CVSS, 6.7 AI score, 0.00154 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2001/05/07 4:0 a.m., 46 views

CVE-2001-0069

CVE-2001-0069 affects the Debian GNU/Linux package dialog prior to version 0.9a-20000118-3bis. The vulnerability is a symlink attack that allows a local user to overwrite arbitrary files. The issue arises from a race condition involving symlinks, enabling manipulation of file targets by a non-pri...

2.1 CVSS, 6.7 AI score, 0.00109 EPSS
Exploits: 0, References: 3, Affected Software: 1