| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 49954 | 2008-08-13 | tau tau_cxx Multiple Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts. |
| 49955 | 2008-08-13 | tau tau_f90 Multiple Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts. |
| 49956 | 2008-08-13 | tau tau_cc Multiple Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts. |
| 49988 | 2008-08-13 | p3nfs bluetooth.rc /tmp/blue.log Temporary File Symlink Arbitrary File Overwrite | p3nfs contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the bluetooth.rc script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
| 49974 | 2008-08-13 | ctn add-accession-numbers /tmp/accession Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file. |
| 49975 | 2008-08-13 | docvert test-pipe-to-pyodconverter.org.sh /tmp/outer.odt Temporary File Symlink Arbitrary File Overwrite | docvert contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the 'test-pipe-to-pyodconverter.org.sh' program creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
| 49978 | 2008-08-13 | geda-gnetlist sch2eaglepos.sh Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. |
| 49979 | 2008-08-13 | libncbi6 fwd_check.sh Temporary File Symlink Arbitrary File Overwrite | libncbi6 contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the fwd_check.sh script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
| 49982 | 2008-08-13 | maildirsync sample.sh Temporary File Symlink Arbitrary File Manipulation | maildirsync contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the sample.sh script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
| 49984 | 2008-08-13 | mayavi test_parser.py /tmp/err.log Temporary File Symlink Arbitrary File Overwrite | mayavi contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the 'test_parser.py' script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
| 49985 | 2008-08-13 | mh-book inmail-show Multiple Temporary File Symlink Arbitrary File Overwrite | mh-book contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the inmail-show script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
| 49989 | 2008-08-13 | smsclient mail2sms.sh Multiple Temporary File Symlink Arbitrary File Manipulation | (Description Provided by CVE): mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file. |
| 50637 | 2008-08-13 | CUPS pstopdf /tmp/pstopdf.log Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. |
| 50638 | 2008-08-13 | crip editcomment /tmp/*.tag.tmp Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. |
| 50667 | 2008-08-13 | cmus cmus-status-display /tmp/cmus-status Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. |
| 50921 | 2008-08-13 | bacula-common mtx-changer.Adic-Scalar-24 Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. |
| 51508 | 2008-08-13 | YapBB include/class_yapbbcooker.php cfgIncludeDirectory Parameter Remote File Inclusion | YapBB contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'include/class_yapbbcooker.php' script not properly sanitizing user input supplied to the 'cfgIncludeDirectory' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 51509 | 2008-08-13 | PHP-Fusion readmore.php news_id Parameter SQL Injection | PHP-Fusion contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'readmore.php' script not properly sanitizing user-supplied input to the 'news_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 51511 | 2008-08-13 | Nukeviet admf Cookie Manipulation Admin Authentication Bypass | (Description Provided by CVE): Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access by setting the admf cookie to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 51690 | 2008-08-13 | bash-doc Multiple Script Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. |
| 51772 | 2008-08-13 | Meet#Web modules.php root_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 51773 | 2008-08-13 | Meet#Web ManagerResource.class.php root_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 51774 | 2008-08-13 | Meet#Web ManagerRightsResource.class.php root_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 51775 | 2008-08-13 | Meet#Web RegForm.class.php root_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 51776 | 2008-08-13 | Meet#Web RegResource.class.php root_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 51777 | 2008-08-13 | Meet#Web RegRightsResource.class.php root_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 47593 | 2008-08-12 | CA Multiple Products kmxfw.sys Crafted IOCTL Request Local Privilege Escalation | (Description Provided by CVE): The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request. |
| 47594 | 2008-08-12 | CA Multiple Products kmxfw.sys Unspecified Remote DoS | (Description Provided by CVE): Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation." |
| 47588 | 2008-08-12 | Yamaha RT Series Routers DNS Query ID Field Prediction Cache Poisoning | (Description Provided by CVE): The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." |
| 47586 | 2008-08-12 | Alcatel-Lucent OmniSwitch Agranet-Emweb Management Server Session Cookie Handling Remote Overflow | (Description Provided by CVE): Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. |
| 47395 | 2008-08-12 | Microsoft Windows Image Color Management System (MSCMS) mscms.dll InternalOpenColorProfile Function ICM Image File Handling Overflow | (Description Provided by CVE): Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. |
| 47396 | 2008-08-12 | Microsoft Windows IPsec Policy Import Failure Cleartext Remote Information Disclosure | (Description Provided by CVE): Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. |
| 47402 | 2008-08-12 | Microsoft Office Filters PICT File Handling Arbitrary Code Execution | (Description Provided by CVE): Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. |
| 47401 | 2008-08-12 | Microsoft Office Filters Encapsulated PostScript (EPS) File Handling Arbitrary Code Execution | (Description Provided by CVE): Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." |
| 47400 | 2008-08-12 | Microsoft Office BMPIMP32.FLT Filter BMP File Header Handling Arbitrary Code Execution | A remote overflow exists in the BMPIMP32.FLT Filter Module that comes with Microsoft Office XP. The Filter Module fails to handle malformed BMP image headers resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can execute arbitrary code resulting in a loss of integrity. |
| 47398 | 2008-08-12 | Microsoft Office Filters PICT File bits_per_pixel Field Heap Corruption | (Description Provided by CVE): Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. |
| 47397 | 2008-08-12 | Microsoft Office WPGIMP32.FLT Filter WordPerfect Graphics (WPG) File Handling Arbitrary Code Execution | (Description Provided by CVE): WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability." |
| 47425 | 2008-08-12 | Sun Java System Web Proxy Server FTP Subsystem Unspecified Remote DoS | (Description Provided by CVE): Unspecified vulnerability in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.5 before SP6 allows remote attackers to cause a denial of service (failure to accept connections) via unknown vectors, probably related to exhaustion of file descriptors. |
| 47403 | 2008-08-12 | Microsoft Windows Messenger ActiveX (Messenger.UIAutomation.1) Remote Privileged Operations | (Description Provided by CVE): An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. |
| 47406 | 2008-08-12 | Microsoft PowerPoint Viewer Cstring Object Handling Memory Corruption | (Description Provided by CVE): Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." |