LutelWall 0.97 and previous versions allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
lutel lutelwall