Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4960 | 1 Dov Grobgeld | 1 Impose\+ | 2025-04-09 | 6.9 MEDIUM | N/A |
|
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.
|
|||||
| CVE-2008-4936 | 1 Gert Doering | 1 Mgetty | 2025-04-09 | 6.9 MEDIUM | N/A |
|
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
|
|||||
| CVE-2008-4406 | 1 Debian | 1 Xsabre | 2025-04-09 | 7.2 HIGH | N/A |
|
A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.
|
|||||
| CVE-2008-4940 | 1 Aptoncd | 1 Aptoncd | 2025-04-09 | 6.9 MEDIUM | N/A |
|
xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file.
|
|||||
| CVE-2008-6760 | 1 Viart | 1 Viart Shop | 2025-04-09 | 4.3 MEDIUM | N/A |
|
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.
|
|||||
| CVE-2009-4454 | 1 Saini | 1 Videocache | 2025-04-09 | 3.3 LOW | N/A |
|
vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log.
|
|||||
| CVE-2008-4959 | 1 Gpsdrive | 1 Gpsdrive-scripts | 2025-04-09 | 6.9 MEDIUM | N/A |
|
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files.
|
|||||
| CVE-2008-4908 | 2 Crossfire, Debian | 2 Crossfire, Debian Linux | 2025-04-09 | 3.3 LOW | N/A |
|
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2008-6397 | 1 Alcovebook | 1 Sgml2x | 2025-04-09 | 4.4 MEDIUM | N/A |
|
rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2008-4832 | 1 Rpath | 3 Appliance Platform Linux Service, Initscripts, Linux | 2025-04-09 | 6.9 MEDIUM | N/A |
|
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.
|
|||||
| CVE-2008-4939 | 1 Apertium | 1 Apertium | 2025-04-09 | 6.9 MEDIUM | N/A |
|
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.
|
|||||
| CVE-2008-3927 | 1 Tiger | 1 Tiger | 2025-04-09 | 7.2 HIGH | N/A |
|
genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2008-5373 | 1 Bacula | 1 Bacula | 2025-04-09 | 6.9 MEDIUM | N/A |
|
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
|
|||||
| CVE-2008-4475 | 1 Gnu | 1 Ibackup | 2025-04-09 | 7.2 HIGH | N/A |
|
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2008-4935 | 1 Amiga | 1 Aview | 2025-04-09 | 6.9 MEDIUM | N/A |
|
asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.
|
|||||
| CVE-2008-4977 | 1 Postfix | 1 Postfix | 2025-04-09 | 6.9 MEDIUM | N/A |
|
postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it.
|
|||||
| CVE-2009-1867 | 1 Adobe | 3 Air, Flash Player, Flex | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
|
|||||
| CVE-2008-4990 | 1 Enomaly | 1 Elastic Computing Platform | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.
|
|||||
| CVE-2008-5156 | 1 Dann Frazier | 1 Systemimager-server | 2025-04-09 | 6.9 MEDIUM | N/A |
|
si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.
|
|||||
| CVE-2008-5154 | 1 Koeniglich | 1 P3nfs | 2025-04-09 | 6.9 MEDIUM | N/A |
|
bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.
|
|||||
| CVE-2009-0356 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.
|
|||||
| CVE-2008-2389 | 1 Opensuse | 1 Opensuse | 2025-04-09 | 4.9 MEDIUM | N/A |
|
opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack.
|
|||||
| CVE-2008-4983 | 1 Scilab | 1 Scilab-bin | 2025-04-09 | 6.9 MEDIUM | N/A |
|
scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.
|
|||||
| CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2025-04-09 | 3.3 LOW | N/A |
|
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.
|
|||||
| CVE-2008-1417 | 1 Axyl | 1 Axyl | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file.
|
|||||
| CVE-2008-4191 | 1 Emacspeak Inc | 1 Emacspeak | 2025-04-09 | 6.6 MEDIUM | N/A |
|
extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.
|
|||||
| CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
|
|||||
| CVE-2007-5695 | 1 Sitebar | 1 Sitebar | 2025-04-09 | 6.4 MEDIUM | N/A |
|
Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action.
|
|||||
| CVE-2009-0347 | 1 Autonomy | 1 Ultraseek | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
|
|||||
| CVE-2008-4951 | 1 Gplhost | 1 Dtc-common | 2025-04-09 | 6.9 MEDIUM | N/A |
|
dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts.
|
|||||
| CVE-2008-1901 | 1 Debian | 1 Aptlinex | 2025-04-09 | 7.2 HIGH | N/A |
|
aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.
|
|||||
| CVE-2007-5495 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2025-04-09 | 4.4 MEDIUM | N/A |
|
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.
|
|||||
| CVE-2008-5394 | 1 Debian | 1 Shadow | 2025-04-09 | 7.2 HIGH | N/A |
|
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
|
|||||
| CVE-2009-0313 | 1 Kegel | 1 Winetricks | 2025-04-09 | 6.9 MEDIUM | N/A |
|
winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file.
|
|||||
| CVE-2007-3919 | 2 Debian, Xensource Inc | 2 Debian Linux, Xen | 2025-04-09 | 6.0 MEDIUM | N/A |
|
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
|
|||||
| CVE-2008-4943 | 1 Iglues | 1 Bulmages-servers | 2025-04-09 | 6.9 MEDIUM | N/A |
|
bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts.
|
|||||
| CVE-2008-5742 | 1 Netcat | 1 Netcat | 2025-04-09 | 4.0 MEDIUM | N/A |
|
Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure.
|
|||||
| CVE-2008-5138 | 1 Bkleineidam | 1 Libpam Mount | 2025-04-09 | 6.9 MEDIUM | N/A |
|
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.
|
|||||
| CVE-2008-5380 | 1 Gpsdrive | 1 Gpsdrive | 2025-04-09 | 6.9 MEDIUM | N/A |
|
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.
|
|||||
| CVE-2008-3791 | 1 Lxde | 1 Lightweight X11 Desktop Environment | 2025-04-09 | 4.6 MEDIUM | N/A |
|
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file.
|
|||||