Total
1248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5805 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A |
| cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804. | |||||
| CVE-2008-4988 | 1 Lars Bahner | 1 Xcal | 2025-04-09 | 6.9 MEDIUM | N/A |
| pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file. | |||||
| CVE-2008-4998 | 1 Twiki | 1 Twiki | 2025-04-09 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid." | |||||
| CVE-2008-2311 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.6 HIGH | N/A |
| Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | |||||
| CVE-2008-5007 | 1 Lazarus | 1 Lazarus | 2025-04-09 | 6.9 MEDIUM | N/A |
| create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory. | |||||
| CVE-2008-4108 | 1 Python Software Foundation | 1 Python | 2025-04-09 | 7.2 HIGH | N/A |
| Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory. | |||||
| CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 4.4 MEDIUM | N/A |
| Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | |||||
| CVE-2008-5706 | 1 Verlihub-project | 1 Verlihub | 2025-04-09 | 6.9 MEDIUM | N/A |
| The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file. | |||||
| CVE-2007-5839 | 1 Bitchx | 1 Bitchx | 2025-04-09 | 4.6 MEDIUM | N/A |
| The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. | |||||
| CVE-2007-3742 | 1 Apple | 2 Iphone, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. | |||||
| CVE-2008-5154 | 1 Koeniglich | 1 P3nfs | 2025-04-09 | 6.9 MEDIUM | N/A |
| bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file. | |||||
| CVE-2009-2939 | 3 Debian, Postfix, Ubuntu | 3 Debian Linux, Postfix, Ubuntu Linux | 2025-04-09 | 6.9 MEDIUM | N/A |
| The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. | |||||
| CVE-2009-0356 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.1 MEDIUM | N/A |
| Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. | |||||
| CVE-2009-3304 | 1 Gforge | 1 Gforge | 2025-04-09 | 3.3 LOW | N/A |
| GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php. | |||||
| CVE-2008-4993 | 1 Xen | 1 Xen | 2025-04-09 | 6.9 MEDIUM | N/A |
| qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | |||||
| CVE-2008-5371 | 1 Marc Gloor | 1 Screenie | 2025-04-09 | 6.9 MEDIUM | N/A |
| screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. | |||||
| CVE-2008-4976 | 1 Alan Woodland | 2 Ogle, Ogle-mmx | 2025-04-09 | 6.9 MEDIUM | N/A |
| ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, and (8) ogle_vout_debug scripts. | |||||
| CVE-2008-5366 | 1 Marco D\'itri | 1 Ppp | 2025-04-09 | 6.9 MEDIUM | N/A |
| The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. | |||||
| CVE-2008-5825 | 1 Nokia | 1 6131 Nfc | 2025-04-09 | 2.6 LOW | N/A |
| The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone. | |||||
| CVE-2008-4960 | 1 Dov Grobgeld | 1 Impose\+ | 2025-04-09 | 6.9 MEDIUM | N/A |
| impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files. | |||||