Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0163 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.
|
|||||
| CVE-2008-5140 | 1 Debian | 1 Mailscanner | 2025-04-09 | 6.9 MEDIUM | N/A |
|
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
|
|||||
| CVE-2008-5146 | 1 Erl Wustl | 1 Ctn | 2025-04-09 | 6.9 MEDIUM | N/A |
|
add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.
|
|||||
| CVE-2008-0613 | 1 Xoops | 1 Xoops | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
|
|||||
| CVE-2008-4967 | 1 Linuxtrade | 1 Linuxtrade | 2025-04-09 | 6.9 MEDIUM | N/A |
|
linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts.
|
|||||
| CVE-2008-6398 | 1 Eric Raymond | 1 Sng | 2025-04-09 | 6.9 MEDIUM | N/A |
|
sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files.
|
|||||
| CVE-2008-3883 | 1 Caudium | 1 Caudium | 2025-04-09 | 7.2 HIGH | N/A |
|
configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file.
|
|||||
| CVE-2022-3592 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2025-04-08 | N/A | 6.5 MEDIUM |
|
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
|
|||||
| CVE-2023-29351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | N/A | 8.1 HIGH |
|
Windows Group Policy Elevation of Privilege Vulnerability
|
|||||
| CVE-2005-0004 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
|
|||||
| CVE-2004-1901 | 1 Gentoo | 2 Linux, Portage | 2025-04-03 | 4.6 MEDIUM | 5.5 MEDIUM |
|
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
|
|||||
| CVE-2004-1603 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 5.0 MEDIUM | 5.5 MEDIUM |
|
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
|
|||||
| CVE-2005-3011 | 1 Gnu | 1 Texinfo | 2025-04-03 | 1.2 LOW | N/A |
|
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2005-1916 | 2 Debian, Ekg Project | 2 Debian Linux, Ekg | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2005-1880 | 1 Everybuddy | 1 Everybuddy | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
|
|||||
| CVE-2005-1879 | 1 Lutel | 1 Lutelwall | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
|
|||||
| CVE-2005-2527 | 1 Sun | 1 Java | 2025-04-03 | 1.2 LOW | N/A |
|
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
|
|||||
| CVE-2003-0844 | 1 Schroepl | 1 Mod Gzip | 2025-04-03 | 2.1 LOW | 7.1 HIGH |
|
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
|
|||||
| CVE-2004-2473 | 1 Wmfrog | 1 Wmfrog | 2025-04-03 | 1.2 LOW | N/A |
|
wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2000-0972 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
|
|||||
| CVE-2006-1247 | 1 Ibm | 1 Aix | 2025-04-03 | 3.3 LOW | N/A |
|
rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2003-0517 | 1 Mgetty Project | 1 Mgetty | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
|
|||||
| CVE-2003-1233 | 1 Pedestalsoftware | 1 Integrity Protection Driver | 2025-04-03 | 2.1 LOW | 9.8 CRITICAL |
|
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
|
|||||
| CVE-2002-2374 | 1 Sun | 1 Patchpro | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
|
|||||
| CVE-1999-1386 | 1 Perl | 1 Perl | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
|
|||||
| CVE-2002-0725 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 4.6 MEDIUM | 5.5 MEDIUM |
|
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
|
|||||
| CVE-2005-0587 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | 6.5 MEDIUM |
|
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
|
|||||
| CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
|
|||||
| CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | 5.5 MEDIUM |
|
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
|
|||||
| CVE-2000-0342 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
|
|||||
| CVE-2000-0715 | 2 Conectiva, Kirk Bauer | 2 Linux, Diskcheck | 2025-04-03 | 2.1 LOW | N/A |
|
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2002-0793 | 1 Blackberry | 1 Qnx Neutrino Real-time Operating System | 2025-04-03 | 4.6 MEDIUM | 5.5 MEDIUM |
|
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
|
|||||
| CVE-2005-3349 | 1 Gnu | 1 Gnump3d | 2025-04-03 | 1.9 LOW | N/A |
|
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
|
|||||
| CVE-2005-1111 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Cpio | 2025-04-03 | 3.7 LOW | 4.7 MEDIUM |
|
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
|
|||||
| CVE-2002-2382 | 1 Cvsup | 1 Cvsup | 2025-04-03 | 7.2 HIGH | N/A |
|
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
|
|||||
| CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 3.3 LOW | N/A |
|
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2001-1494 | 2 Avaya, Kernel | 7 Cvlan, Integrated Management Suit, Interactive Response and 4 more | 2025-04-03 | 2.1 LOW | 5.5 MEDIUM |
|
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
|
|||||
| CVE-2003-1528 | 1 Fujitsu | 1 Siemens Networker | 2025-04-03 | 7.2 HIGH | N/A |
|
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.
|
|||||
| CVE-2004-0967 | 1 Aladdin Enterprises | 1 Ghostscript | 2025-04-03 | 7.2 HIGH | N/A |
|
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
|
|||||