CVE Daily
← All tags

Tag: Arbitrary File Write

All CVEs associated with "Arbitrary File Write". Page 6/12 • 1322 CVEs.

Subscribe CVEs: RSS for “Arbitrary File Write”  ·  RSS (High+Critical only)

About “Arbitrary File Write”

A curated feed of “Arbitrary File Write”-related CVEs appears below. We currently track 1322 CVEs for this tag (all time). In the last 365 days, 119 were published. Average CVSS is 5.9 (all time; 7.6 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-59 - Improper Link Resolution Before File Access ('Link Following'), CWE-23 - Relative Path Traversal.

In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2010-10-14
Low

CVE-2009-5007

The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-10-07
Medium

CVE-2010-3692

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directo…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Low

CVE-2010-3691

PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-08-30
Low

CVE-2010-2794

The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-08-20
Critical

CVE-2010-3100

Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2010-3099

Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (d…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2010-3098

Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2010-3097

Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-07-22
Low

CVE-2010-2056

GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-07-06
Medium

CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2010-2251

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2010-07-02
Medium

CVE-2010-2627

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-06-29
Critical

CVE-2010-2452

Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-06-22
Low

CVE-2010-2431

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cach…

CVSS: 2.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-06-18
Low

CVE-2010-2322

Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .…

CVSS: 2.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2010-0831

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Low

CVE-2010-2192

The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.

CVSS: 1.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-06-07
Low

CVE-2010-2053

emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-05-28
High

CVE-2010-2112

Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this informatio…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-05-24
Low

CVE-2010-2027

Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.

CVSS: 1.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-05-17
Medium

CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink…

CVSS: 6.4 CWE: CWE-264 View on NVD
2010-05-06
Medium

CVE-2010-1438

Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by…

CVSS: 4.4 CWE: N/A View on NVD
2010-04-16
Low

CVE-2010-1160

GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a…

CVSS: 1.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-03-03
Low

CVE-2010-0156

Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or…

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-02-25
Critical

CVE-2010-0620

Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and conseq…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Low

CVE-2010-0118

Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2010-02-02
Critical

CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive i…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-01-28
Medium

CVE-2009-2693

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-01-20
Critical

CVE-2009-4000

Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traver…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2010-01-08
High

CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-12-29
Low

CVE-2009-4454

vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2009-4453

Insecure method vulnerability in SoftCab Sound Converter ActiveX control (sndConverter.ocx) 1.2 allows remote attackers to create or overwrite arbitrary files via the SaveFormat method. NOTE: some o…

CVSS: 8.8 CWE: N/A View on NVD
2009-12-13
High

CVE-2009-4131

The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, rela…

CVSS: 7.2 CWE: CWE-264 View on NVD
2009-12-04
Low

CVE-2009-3304

GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl…

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-11-24
Medium

CVE-2009-3898

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite ar…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-11-10
Medium

CVE-2009-2840

Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vect…

CVSS: 4.9 CWE: N/A View on NVD
2009-11-04
Medium

CVE-2009-3860

Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only…

CVSS: 5.8 CWE: CWE-264 View on NVD
2009-10-23
Medium

CVE-2009-1297

iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a syml…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-10-06
Critical

CVE-2009-3573

Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ActiveX control (PDIControl.dll) 2.2.3160.0 in EMC Captiva PixTools Distributed Imaging 2.2 allow remote attackers to create or overwr…

CVSS: 9.3 CWE: N/A View on NVD
2009-09-21
Medium

CVE-2009-2939

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink a…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-09-17
Medium

CVE-2009-3236

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1…

CVSS: 4.3 CWE: N/A View on NVD
2009-09-11
Medium

CVE-2009-3181

Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-08-12
Critical

CVE-2008-6959

Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastE…

CVSS: 9.3 CWE: N/A View on NVD
2009-08-11
Critical

CVE-2008-6937

Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an x…

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2008-6936

Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pr…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2008-6935

Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an i…

CVSS: 10.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-08-04
High

CVE-2009-2658

Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-07-17
Medium

CVE-2009-1893

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified tem…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-07-05
Low

CVE-2009-2314

Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.

CVSS: 2.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2009-06-23
Medium

CVE-2009-2177

code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-06-22
Critical

CVE-2009-2169

Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-06-11
Medium

CVE-2009-1760

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers t…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-06-03
Medium

CVE-2008-2154

IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via…

CVSS: 6.0 CWE: CWE-16 View on NVD
2009-05-26
Medium

CVE-2009-1786

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.

CVSS: 6.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2009-05-22
Low

CVE-2009-1753

Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-05-21
Critical

CVE-2009-1743

Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitra…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-05-18
High

CVE-2009-1678

Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot)…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-04-16
Critical

CVE-2008-4830

Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitr…

CVSS: 9.3 CWE: N/A View on NVD
2009-04-09
Medium

CVE-2009-1253

James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-04-01
Low

CVE-2009-1215

Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.

CVSS: 1.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2009-1212

Multiple insecure method vulnerabilities in PRECIS~2.DLL in the PrecisionID Datamatrix ActiveX control (DMATRIXLib.Datamatrix) allow remote attackers to overwrite arbitrary files via the (1) SaveBarC…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2009-1207

Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on tempor…

CVSS: 4.4 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2009-03-30
Medium

CVE-2008-6552

Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager)…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-03-27
High

CVE-2009-0637

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an a…

CVSS: 7.1 CWE: CWE-264 View on NVD
2009-03-26
Medium

CVE-2009-1064

Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-li…

CVSS: 5.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-03-20
High

CVE-2008-6496

Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary fil…

CVSS: 8.8 CWE: CWE-264 View on NVD
2009-03-19
High

CVE-2008-6490

function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2009-03-10
High

CVE-2009-0865

Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-03-09
Medium

CVE-2008-6442

Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE:…

CVSS: 5.8 CWE: N/A View on NVD
2009-03-06
High

CVE-2008-6424

Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot).

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-03-05
Medium

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger ar…

CVSS: 6.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2009-03-04
Medium

CVE-2008-6398

sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary f…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-6397

rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-02-13
High

CVE-2009-0011

Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file.

CVSS: 7.2 CWE: CWE-264 View on NVD
2009-02-10
Critical

CVE-2009-0465

The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argum…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
2009-02-03
Medium

CVE-2009-0416

The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink att…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-02-02
Medium

CVE-2008-4990

Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2009-0389

Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString met…

CVSS: 9.3 CWE: N/A View on NVD
2009-01-28
Medium

CVE-2009-0313

winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-01-27
Medium

CVE-2009-0301

Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1)…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2009-0032

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2009-01-26
High

CVE-2008-5966

globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2009-01-21
Medium

CVE-2008-5919

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in th…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-01-16
Critical

CVE-2009-0134

Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1…

CVSS: 9.3 CWE: N/A View on NVD
2008-12-29
Medium

CVE-2008-5746

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-12-26
Medium

CVE-2008-5743

pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-12-22
Medium

CVE-2008-5706

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2008-5704

src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different…

CVSS: 7.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5703

gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) example…

CVSS: 6.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-12-10
Critical

CVE-2008-5404

Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the H…

CVSS: 10.0 CWE: N/A View on NVD
2008-12-09
High

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file r…

CVSS: 7.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-12-08
Medium

CVE-2008-5380

gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5379

netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2)…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5378

arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5377

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5376

editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5375

cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5374

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5373

mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5372

sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5371

screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5370

pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5369

noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5368

muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5367

ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5366

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-12-03
Medium

CVE-2008-5313

mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clam…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5312

mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) cla…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-11-27
Medium

CVE-2008-5256

The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary fil…

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-11-19
Critical

CVE-2008-5175

Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response t…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2008-11-18
Medium

CVE-2008-5157

tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5156

si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2008-5155

mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary file…

CVSS: 9.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5154

bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5153

spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5152

inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5151

test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5149

fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5148

sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2008-5147

test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD