1458 matches found
SUSE CVE-2004-1296
The 1 eqn2graph and 2 pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...
SUSE CVE-2004-1487
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences...
SUSE CVE-2004-2014
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded...
SUSE CVE-2005-0099
The SDL port of abuse abuse-SDL before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files...
SUSE CVE-2005-3343
tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files...
SUSE CVE-2007-0469
The extractfiles function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...
SUSE CVE-2007-2654
xfsfsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems...
SUSE CVE-2007-4631
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames...
SUSE CVE-2007-4998
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination...
SUSE CVE-2007-5200
hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugindebugoptimresults.txt temporary file...
SUSE CVE-2007-5342
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
SUSE CVE-2008-2958
Race condition in 1 checkinstall 1.6.1 and 2 installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories...
SUSE CVE-2008-4190
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the 1 ipseclive.conn and 2 ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream...
SUSE CVE-2008-4639
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...
SUSE CVE-2008-4959
geo-code in gpsdrive-scripts 2.10pre4 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/geo.google, 2 /tmp/geo.yahoo, 3 /tmp/geo.coords, and 4 /tmp/geo.coords temporary files...
SUSE CVE-2008-4982
rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270...
SUSE CVE-2008-5368
muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file...
SUSE CVE-2009-1215
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file...
SUSE CVE-2009-3236
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...
SUSE CVE-2009-4131
The EXT4IOCMOVEEXT aka move extents ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions...