CVE-2006-5072
The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink atta…
All CVEs associated with "Arbitrary File Write". Page 9/12 • 1322 CVEs.
A curated feed of “Arbitrary File Write”-related CVEs appears below. We currently track 1322 CVEs for this tag (all time). In the last 365 days, 119 were published. Average CVSS is 5.9 (all time; 7.6 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-59 - Improper Link Resolution Before File Access ('Link Following'), CWE-23 - Relative Path Traversal.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic:
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or…
Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.
Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.
Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overf…
Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors.
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identif…
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in…
IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" comm…
A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.
Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing…
The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka…
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbi…
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (…
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars varia…
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR, (2) GZ, a…
Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character,…
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00)…
Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (…
Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2…
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links.
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an arch…
rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/f…
Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenP…
Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files while decompressing an archive, possibly due to directory traversal sequences in…
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files…
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users…
Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file whose file n…
CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.
Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute co…
Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.
unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.
Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.
Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwri…
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR arc…
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipu…
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via…
convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via ".." sequences and a symlink attack on the temporary file that is used during conversion.
PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) mig…
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the usern…
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink at…
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwr…
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and…
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from cert…
noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.
Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via…
Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory…
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack…
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-29…
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh.
tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in th…
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid…
Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which…
viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file b…
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename.
mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, which allows local users to overwrite arbitrary files via (1) ts.stat, (2) ts.mpg, (3) foobar, (4) blockbar, or (5) foobar[NNN].
Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir varia…
xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file.
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt tempora…
The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file.
URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files.
silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.
The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames.
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via "…
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.
Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequen…
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.
High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local u…
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.
Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafte…
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file.
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files…
vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files.
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a zip file.
firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack.
Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin.
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option.
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary fi…
Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasse…
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dum…
cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in f…