CVE Daily
← All tags

Tag: Arbitrary File Write

All CVEs associated with "Arbitrary File Write". Page 8/12 • 1322 CVEs.

Subscribe CVEs: RSS for “Arbitrary File Write”  ·  RSS (High+Critical only)

About “Arbitrary File Write”

A curated feed of “Arbitrary File Write”-related CVEs appears below. We currently track 1322 CVEs for this tag (all time). In the last 365 days, 119 were published. Average CVSS is 5.9 (all time; 7.6 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-59 - Improper Link Resolution Before File Access ('Link Following'), CWE-23 - Relative Path Traversal.

In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2008-04-30
Critical

CVE-2008-2015

Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2008-04-28
High

CVE-2008-1998

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file para…

CVSS: 8.5 CWE: CWE-264 View on NVD
2008-04-25
Medium

CVE-2008-1933

Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explici…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2008-04-22
Medium

CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2008-1901

aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.

CVSS: 7.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-04-16
Medium

CVE-2007-5664

db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files vi…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Low

CVE-2008-1832

lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-04-11
Critical

CVE-2008-1725

The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attac…

CVSS: 9.0 CWE: N/A View on NVD
2008-04-02
High

CVE-2008-1620

Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2008-1647

The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, whi…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
2008-04-01
Medium

CVE-2008-1605

The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrit…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2008-03-20
Medium

CVE-2008-1417

The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file.

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-03-13
High

CVE-2008-1322

The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query str…

CVSS: 7.8 CWE: N/A View on NVD
2008-03-12
Critical

CVE-2008-1310

Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2008-03-06
Low

CVE-2008-0883

acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.

CVSS: 3.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-02-29
Medium

CVE-2007-6017

The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0…

CVSS: 5.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2008-1078

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE:…

CVSS: 7.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-02-19
Low

CVE-2008-0806

wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.

CVSS: 3.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-02-14
Medium

CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2008-02-11
Low

CVE-2008-0665

wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.

CVSS: 3.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Low

CVE-2008-0666

Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files us…

CVSS: 3.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-02-07
Critical

CVE-2008-0656

Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
2008-02-06
Medium

CVE-2008-0631

Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2008-01-31
Medium

CVE-2007-4998

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing mul…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2008-01-17
Medium

CVE-2007-6683

The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 f…

CVSS: 5.0 CWE: N/A View on NVD
2007-12-31
Low

CVE-2007-6595

ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool…

CVSS: 2.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-12-27
Medium

CVE-2007-5342

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attac…

CVSS: 6.4 CWE: CWE-264 View on NVD
2007-12-19
High

CVE-2007-4709

Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-12-15
Medium

CVE-2007-6358

pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PD…

CVSS: 4.9 CWE: N/A View on NVD
High

CVE-2007-6378

Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-12-04
Low

CVE-2007-6208

sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.

CVSS: 3.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2007-6209

Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.6 CWE: CWE-264 View on NVD
2007-11-26
Low

CVE-2007-6131

buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.

CVSS: 2.1 CWE: CWE-16 View on NVD
2007-11-13
Medium

CVE-2007-5940

feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.

CVSS: 4.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-11-08
Low

CVE-2007-4129

CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-11-06
Medium

CVE-2007-5839

The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.

CVSS: 4.6 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-11-05
High

CVE-2007-5823

Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Regist…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2007-5826

Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-11-02
Medium

CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-10-14
Low

CVE-2007-5200

hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary…

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2007-5446

Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-10-12
Medium

CVE-2007-5377

The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-10-09
Medium

CVE-2007-5320

Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX con…

CVSS: 4.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-10-08
High

CVE-2007-5270

Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5.x before 5.x-1.0, for Drupal allows remote attackers to create or overwrite arbitrary files, and conduct cross-site scripting att…

CVSS: 7.5 CWE: N/A View on NVD
2007-10-05
Medium

CVE-2007-5219

Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-10-04
Low

CVE-2007-5207

guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.

CVSS: 3.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-10-01
Critical

CVE-2007-5005

Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbi…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-09-26
High

CVE-2007-5110

Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbi…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-09-20
Medium

CVE-2007-5017

Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite ar…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-09-19
Critical

CVE-2007-4982

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or…

CVSS: 10.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-09-18
Critical

CVE-2007-4962

Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2007-4957

Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a .. (dot dot) in the (1) fichier or (2) repertoire pa…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-09-14
Medium

CVE-2007-4890

Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or over…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-09-12
Critical

CVE-2007-4842

Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2007-4843

Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this ca…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-09-08
Medium

CVE-2007-4756

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filena…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-09-05
Critical

CVE-2007-4471

Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-08-31
Medium

CVE-2007-4631

The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temp…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-08-30
Medium

CVE-2007-4134

Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory s…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-08-29
Medium

CVE-2007-4583

Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-08-28
Critical

CVE-2007-4559

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot)…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-08-27
Medium

CVE-2007-4545

Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename wi…

CVSS: 6.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-08-25
Medium

CVE-2007-4131

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot)…

CVSS: 6.8 CWE: N/A View on NVD
2007-08-21
High

CVE-2007-4460

The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the na…

CVSS: 7.2 CWE: N/A View on NVD
Low

CVE-2007-4462

lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.

CVSS: 3.3 CWE: N/A View on NVD
2007-08-18
Critical

CVE-2007-4420

Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files vi…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-08-08
Medium

CVE-2007-4252

Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full path…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2007-4226

Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges,…

CVSS: 7.1 CWE: N/A View on NVD
2007-08-03
Critical

CVE-2007-4149

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary…

CVSS: 10.0 CWE: N/A View on NVD
2007-07-30
Medium

CVE-2007-4059

Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathn…

CVSS: 5.8 CWE: N/A View on NVD
Critical

CVE-2007-4061

Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2007-4067

Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary…

CVSS: 9.3 CWE: N/A View on NVD
2007-07-25
Medium

CVE-2007-3531

The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.

CVSS: 6.6 CWE: N/A View on NVD
Medium

CVE-2007-3982

Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files v…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2007-3983

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC)…

CVSS: 5.0 CWE: N/A View on NVD
2007-07-15
Medium

CVE-2007-3785

Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pat…

CVSS: 4.0 CWE: N/A View on NVD
2007-07-10
High

CVE-2007-3660

The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2007-3649

Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-3633

Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathnam…

CVSS: 6.4 CWE: N/A View on NVD
2007-07-03
Low

CVE-2007-2837

The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fir…

CVSS: 3.6 CWE: N/A View on NVD
High

CVE-2007-2838

The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file.

CVSS: 7.2 CWE: N/A View on NVD
2007-06-29
Medium

CVE-2007-3487

Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argum…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2007-3493

A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwri…

CVSS: 7.5 CWE: N/A View on NVD
2007-06-27
Medium

CVE-2007-3459

A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie metho…

CVSS: 6.4 CWE: N/A View on NVD
2007-06-26
Critical

CVE-2007-3400

The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile meth…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
2007-06-15
Medium

CVE-2007-3233

The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method.

CVSS: 5.0 CWE: N/A View on NVD
2007-05-24
High

CVE-2007-2851

A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method.

CVSS: 7.5 CWE: N/A View on NVD
2007-05-22
Medium

CVE-2007-2519

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attri…

CVSS: 6.8 CWE: N/A View on NVD
2007-05-17
Critical

CVE-2007-2755

The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile fu…

CVSS: 10.0 CWE: N/A View on NVD
2007-05-16
High

CVE-2007-2725

The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function.

CVSS: 7.5 CWE: N/A View on NVD
2007-05-14
Medium

CVE-2007-2654

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

CVSS: 4.4 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2007-05-13
Critical

CVE-2007-2644

A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename.

CVSS: 9.4 CWE: N/A View on NVD
2007-05-08
Critical

CVE-2007-2221

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Window…

CVSS: 9.3 CWE: N/A View on NVD
2007-04-18
Medium

CVE-2007-2058

Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR…

CVSS: 6.8 CWE: N/A View on NVD
2007-04-02
Medium

CVE-2007-1799

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a…

CVSS: 6.4 CWE: N/A View on NVD
2007-03-19
Medium

CVE-2007-1500

The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-0237

The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.6 CWE: N/A View on NVD
2007-03-14
Medium

CVE-2007-1444

netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug.

CVSS: 4.4 CWE: N/A View on NVD
2007-03-13
Medium

CVE-2007-0728

Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.

CVSS: 4.4 CWE: N/A View on NVD
2007-03-10
Medium

CVE-2007-1384

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.

CVSS: 6.4 CWE: N/A View on NVD
2007-03-07
Critical

CVE-2007-1329

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent…

CVSS: 10.0 CWE: N/A View on NVD
2007-02-21
Medium

CVE-2007-1027

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

CVSS: 4.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2007-02-20
Low

CVE-2007-0007

gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

CVSS: 3.6 CWE: N/A View on NVD
2007-02-16
Medium

CVE-2007-0898

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2007-02-14
Critical

CVE-2007-0915

Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.

CVSS: 10.0 CWE: N/A View on NVD
2007-02-01
High

CVE-2007-0657

Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.

CVSS: 7.5 CWE: N/A View on NVD
2007-01-25
Medium

CVE-2007-0476

The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp secur…

CVSS: 4.6 CWE: N/A View on NVD
2007-01-24
Critical

CVE-2007-0469

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary file…

CVSS: 9.3 CWE: N/A View on NVD
2007-01-18
Medium

CVE-2007-0336

Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition.

CVSS: 4.4 CWE: N/A View on NVD
2007-01-17
Medium

CVE-2006-6939

GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.

CVSS: 4.6 CWE: N/A View on NVD
2007-01-11
Medium

CVE-2007-0166

The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local…

CVSS: 6.6 CWE: N/A View on NVD
2007-01-10
Medium

CVE-2007-0159

Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to o…

CVSS: 6.4 CWE: N/A View on NVD
2007-01-08
Critical

CVE-2007-0100

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client…

CVSS: 10.0 CWE: N/A View on NVD
2006-12-13
High

CVE-2006-5584

The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain priv…

CVSS: 7.5 CWE: N/A View on NVD
2006-12-06
Medium

CVE-2006-6328

Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.

CVSS: 4.9 CWE: N/A View on NVD
2006-11-24
Medium

CVE-2006-6097

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is no…

CVSS: 4.0 CWE: N/A View on NVD
2006-11-04
Medium

CVE-2006-5705

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequen…

CVSS: 6.0 CWE: N/A View on NVD
2006-10-20
Low

CVE-2006-5432

Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the…

CVSS: 2.6 CWE: N/A View on NVD
2006-10-16
Low

CVE-2006-5297

Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitat…

CVSS: 1.2 CWE: N/A View on NVD
2006-10-12
Low

CVE-2006-4842

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which…

CVSS: 3.6 CWE: CWE-20 - Improper Input Validation View on NVD