htmlheadline before 21.8 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
https://exchange.xforce.ibmcloud.com/vulnerabilities/18737
http://www.securityfocus.com/bid/12147
http://www.debian.org/security/2005/dsa-622