Searching overwriting software vulnerabilities

cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier

UniVerse | cci_dir | IBM |

cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.


The DeviceIoControl function in the Norton Devi

DeviceIoControl | function | Driver | Device | Norton |

The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").


The memory_limit functionality in PHP 4.x up to

functionality | memory_limit | PHP |

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.


DiamondCS Process Guard Free 2.000 allows local

DiamondCS | Process | Guard | Free |

DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.


FreezeX 1.00.100.0666 allows local users with a

FreezeX |

FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.


RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "

overwriting | temporary | location | probably | unknown | impact | allows | files" | RCBOOT | secure | users | files | local | which | does | "use | have | IBM | not | AIX |

RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.


ircp_io.c in libopenobex for ircp 1.2, when irc

user-assisted | destination | overwriting | libopenobex | overwrite | attackers | dangerous | arbitrary | ircp_ioc | Transfer | session | remote | allows | prompt | option | files | which | file | name | ircp | OBEX | user | does | run | via | not |

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session.


Adobe Reader and Acrobat 6.0.4 and earlier, on

Acrobat | Reader | Adobe |

Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files.


Agnitum Outpost Firewall Pro 3.51.759.6511 (462

Firewall | Outpost | Agnitum | Pro |

Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.


The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NA


The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.


The extract_files function in installer.rb in R

extract_files | installerrb | RubyGems | function | before |

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.


Double free vulnerability in the unserializer i

vulnerability | unserializer | Double | free | PHP |

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).


Cross-zone scripting vulnerability in the DOM t

vulnerability | Cross-zone | templates | scripting | DOM |

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.


Directory traversal vulnerability in the Persis

PersistenceService | vulnerability | unauthorized | application | privileges | attackers | overwrite | traversal | Directory | perform | Windows | earlier | actions | remote | itself | grants | Update | 142_13 | allows | Start | file | Java | Sun | Web | JRE | SDK | JDK | via |

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.


Directory traversal vulnerability in the BlueCa

vulnerability | appliance | Directory | traversal | Networks | Proteus | BlueCat | IPAM |

Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.


Buffer overflow in the fcgi_env_add function in

mod_proxy_backend_fastcgic | fcgi_env_add | mod_fastcgi | extension | lighttpd | overflow | function | before | Buffer |

Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."


Visual truncation vulnerability in WinImage 8.1

vulnerability | truncation | WinImage | Visual |

Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files.


Directory traversal vulnerability in the JetAud

JetAudioInterface1 | vulnerability | JetFlExtdll | Directory | traversal | jetAudio | ActiveX | control |

Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.


Software vulnerabilities results 1 to 19 of 19     
Page: 1