6915 matches found
CVE-2001-0105
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group...
CVE-2001-0119
Getty_ps 2.0.7j is affected by a local symlink race that can cause overwriting of arbitrary files in /tmp, potentially impacting files writable by the effective UID (often root). Mandrake/MGK advisories indicate a temporary-file race fix, updating to getty_ps 2.1.0a (or newer) to remediate. CERT ...
CVE-2001-0141
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations...
CVE-2001-0118
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0059
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0169
When using the LDPRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib...
CVE-2001-0036
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file...
CVE-2001-0125
CVE-2001-0125 affects exmh 2.2 and earlier, where insecure handling of temporary files in /tmp (e.g., exmhErrorMsg) allows local users to overwrite files via a symlink attack. Connected advisories confirm the issue and note that newer versions (e.g., exmh 2.3.1+) fix the vulnerability by switchin...
CVE-2001-0116
The CVE concerns gpm 1.19.3 where a race condition allows a local user to exploit predictable /tmp filenames and symlink targets to overwrite/modify files the privileged gpm process uses. This is described in CERT/CC and Mandrake advisories, which note a temporary-file handling flaw; the impact i...
CVE-2001-0142
CVE-2001-0142 affects squid 2.3 and earlier. The issue is a local symlink/race condition that can cause local users to overwrite arbitrary files via temporary file handling in certain configurations. Impact is described as local privilege/content modification without remote access; CVSS reflects ...
CVE-2001-0120
CVE-2001-0120 relates to the shadow-utils package, specifically the useradd component. The vulnerability arises from insecure temporary file handling: useradd creates temporary files in /etc/default with predictable names. If /etc/default is world-writable, an attacker could perform a symbolic-li...
Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as...
Drummond Miles A1Stats 1.0 - 'a1disp3.cgi' Traversal Arbitrary File Read
source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as querystrings to the A1Stats script. An attacker can compose a long path...
[SECURITY] [DSA-053-1] nedit symlink attack
Package : nedit Problem type : insecure temporary file Debian-specific: no The nedit Nirvana editor package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text a...
Дырка в PGP для Windows (ASCII parser)
Можно сконфигурировать .asc-файл таким образом, что при его разборе будет перезаписан любой файл...
Siemens Reliant UNIX 5.4 - ppd -T Race Condition
source: https://www.securityfocus.com/bid/2606/info Reliant Unix is a variant of the UNIX Operating System distributed by Fujitsu-Siemens. Reliant Unix is a scalable UNIX Operating system designed for use on Siemens servers. A problem in the operating system could make it possible for a user to...
CVE-2001-0222
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack...
Дырка в perfmon под SunOS
Некорректная работа с лог-файлом позволяет переписать любой системный файл...
Junsoft JSparm 4.0 - Logging Output File
Junsoft JSparm 4.0 - Logging Output File source: https://www.securityfocus.com/bid/2515/info JSparm is the Junsoft Performance Analysis Report Maker package. This software package provides an enhanced perfmon performance monitoring package and interface, as well as a performance report generation...
Junsoft JSparm 4.0 - Logging Output File
source: https://www.securityfocus.com/bid/2515/info JSparm is the Junsoft Performance Analysis Report Maker package. This software package provides an enhanced perfmon performance monitoring package and interface, as well as a performance report generation interface. A problem with the package...