• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HTML Headline Temporary File Symbolic Link Vulnerabilities

It has been reported that there are numerous instances in HtmlHeadline where insecure temporary files are used. According to the report, it is possible for at least some of these instances to be exploited to corrupt files on the filesystem. It is likely that HtmlHeadline creates and writes to temporary files in the world writeable "/tmp" with predictable filenames.