Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4974 | 1 Netmrg | 1 Netmrg | 2025-04-09 | 6.9 MEDIUM | N/A |
|
rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files.
|
|||||
| CVE-2008-6552 | 2 Fedoraproject, Redhat | 5 Fedora, Cluster Project, Cman and 2 more | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
|
|||||
| CVE-2008-4955 | 1 Duncan Webb | 1 Freevo | 2025-04-09 | 6.2 MEDIUM | N/A |
|
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.
|
|||||
| CVE-2009-2939 | 3 Debian, Postfix, Ubuntu | 3 Debian Linux, Postfix, Ubuntu Linux | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
|
|||||
| CVE-2008-4192 | 1 Redhat | 1 Cman | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
|
|||||
| CVE-2008-1684 | 1 Sun | 1 Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
|
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
|
|||||
| CVE-2008-5145 | 1 Debian | 1 Ltp | 2025-04-09 | 6.9 MEDIUM | N/A |
|
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.
|
|||||
| CVE-2007-6692 | 1 Menalto | 1 Gallery | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules.
|
|||||
| CVE-2008-6762 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.
|
|||||
| CVE-2008-4440 | 1 Debian | 1 Feta | 2025-04-09 | 7.2 HIGH | N/A |
|
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.
|
|||||
| CVE-2008-5141 | 1 Dann Frazier | 1 Flamethrower | 2025-04-09 | 6.9 MEDIUM | N/A |
|
flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.
|
|||||
| CVE-2008-0525 | 3 Lumension Security, Novell, Unix | 3 Patchlink Update, Zenworks Patch Management Update Agent, Unix | 2025-04-09 | 4.6 MEDIUM | N/A |
|
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
|
|||||
| CVE-2007-5207 | 1 Debian | 1 Guilt | 2025-04-09 | 3.3 LOW | N/A |
|
guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.
|
|||||
| CVE-2007-3916 | 1 Skk Openlab | 1 Skk Tools | 2025-04-09 | 4.4 MEDIUM | N/A |
|
The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete arbitrary files via a symlink attack on a skkdic$PID temporary file.
|
|||||
| CVE-2009-0876 | 2 Linux, Sun | 2 Linux Kernel, Xvm Virtualbox | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
|
|||||
| CVE-2008-5371 | 1 Marc Gloor | 1 Screenie | 2025-04-09 | 6.9 MEDIUM | N/A |
|
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.
|
|||||
| CVE-2007-5377 | 1 Gnu | 1 Tramp | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2008-4980 | 1 Zak B Elep | 1 Rccp | 2025-04-09 | 6.9 MEDIUM | N/A |
|
delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file.
|
|||||
| CVE-2008-4947 | 1 Guus Sliepen | 1 Dhis-server | 2025-04-09 | 6.9 MEDIUM | N/A |
|
dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.
|
|||||
| CVE-2008-5150 | 1 Jose Carlos Medeiros | 1 Maildirsync | 2025-04-09 | 6.9 MEDIUM | N/A |
|
sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.
|
|||||
| CVE-2008-1832 | 1 Cecilia | 1 Cecilia | 2025-04-09 | 3.3 LOW | N/A |
|
lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.
|
|||||
| CVE-2008-1103 | 1 Blender | 1 Blender | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."
|
|||||
| CVE-2007-3103 | 2 Fedoraproject, Redhat | 4 Fedora Core, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-09 | 6.2 MEDIUM | N/A |
|
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
|
|||||
| CVE-2008-4993 | 1 Xen | 1 Xen | 2025-04-09 | 6.9 MEDIUM | N/A |
|
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
|
|||||
| CVE-2008-4972 | 1 Steve Robbins | 1 Mgt | 2025-04-09 | 6.9 MEDIUM | N/A |
|
mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file.
|
|||||
| CVE-2007-4224 | 1 Kde | 1 Konqueror | 2025-04-09 | 4.3 MEDIUM | N/A |
|
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
|
|||||
| CVE-2007-6061 | 1 Audacityteam | 1 Audacity | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
|
|||||
| CVE-2008-4104 | 1 Joomla | 1 Joomla | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
|
|||||
| CVE-2007-5805 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
|
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
|
|||||
| CVE-2008-4108 | 1 Python Software Foundation | 1 Python | 2025-04-09 | 7.2 HIGH | N/A |
|
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
|
|||||
| CVE-2008-4284 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.
|
|||||
| CVE-2008-3929 | 1 Ampache | 1 Ampache | 2025-04-09 | 7.2 HIGH | N/A |
|
gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
|
|||||
| CVE-2008-4994 | 1 Ti Kan | 1 Xmcd | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.
|
|||||
| CVE-2008-4984 | 1 Freedesktop | 1 Scratchbox2 | 2025-04-09 | 6.9 MEDIUM | N/A |
|
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts.
|
|||||
| CVE-2008-4946 | 1 Convirture | 1 Convirt | 2025-04-09 | 6.9 MEDIUM | N/A |
|
convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/.
|
|||||
| CVE-2008-5034 | 1 A Mennucc1 | 1 Printfilters-ppd | 2025-04-09 | 6.9 MEDIUM | N/A |
|
master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'
|
|||||
| CVE-2008-4477 | 1 Jim Trocki | 1 Mon | 2025-04-09 | 7.2 HIGH | N/A |
|
alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.
|
|||||
| CVE-2008-5151 | 1 Abottoms | 1 Mayavi | 2025-04-09 | 6.9 MEDIUM | N/A |
|
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.
|
|||||
| CVE-2008-5147 | 1 Holloway | 1 Docvert | 2025-04-09 | 6.9 MEDIUM | N/A |
|
test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.
|
|||||
| CVE-2007-4998 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.9 MEDIUM | N/A |
|
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.
|
|||||