1458 matches found
Design/Logic Flaw
Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory...
Code injection
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
Server: Multiple CSRF vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions before allows remote attackers to hijack the authentication for users via the "lat" and "lng" POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ CVE-2013-0299 Commits:...
Pidgin Multiple Denial of Service Vulnerabilities (Feb 2013) - Windows
Pidgin is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2012-5564
android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log...
UBUNTU-CVE-2013-0265
The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log...
AIX 6.1 TL 0 : libc (IZ50139)
There is a race condition in the MALLOCDEBUG debugging component of the malloc subsystem in the library libc.a. A local user can exploit this race condition when executing setuid root programs and thereby overwrite any file in the system. The successful exploitation of this vulnerability allows a...
AIX 5.3 TL 8 : libc (IZ50447)
There is a race condition in the MALLOCDEBUG debugging component of the malloc subsystem in the library libc.a. A local user can exploit this race condition when executing setuid root programs and thereby overwrite any file in the system. The successful exploitation of this vulnerability allows a...
CVE-2012-6080
Removed by vendor...
Ubuntu: Security Advisory (USN-1680-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2012-3329
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file...
DEBIAN-CVE-2012-4510
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources...
CVE-2012-4417
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
GlusterFS: insecure temporary file creation
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
CVE-2012-3504
The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory...
CVE-2011-4363
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS...
[USN-1543-1] Config-IniFiles vulnerability
Ubuntu Security Notice USN-1543-1, August 20, 2012: libconfig-inifiles-perl vulnerability. A security issue affects these releases of Ubuntu and its...
CVE-2012-2103
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...
Ubuntu: Security Advisory (USN-1543-1)
The remote host is missing an update for the...
CVE-2012-3447
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an...