Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1962 | 2 Debian, Xfig | 2 Debian Linux, Xfig | 2024-02-04 | 4.4 MEDIUM | N/A |
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. | |||||
CVE-2008-3521 | 1 Jasper Project | 1 Jasper | 2024-02-04 | 7.2 HIGH | N/A |
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion. | |||||
CVE-2008-5374 | 1 Matthias Klose | 1 Bash-doc | 2024-02-04 | 6.9 MEDIUM | N/A |
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. | |||||
CVE-2008-2389 | 1 Opensuse | 1 Opensuse | 2024-02-04 | 4.9 MEDIUM | N/A |
opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack. | |||||
CVE-2008-5145 | 1 Debian | 1 Ltp | 2024-02-04 | 6.9 MEDIUM | N/A |
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file. | |||||
CVE-2008-4975 | 1 Debian | 1 Newsgate | 2024-02-04 | 6.9 MEDIUM | N/A |
mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file. | |||||
CVE-2009-1253 | 1 James Stone | 1 Tunapie | 2024-02-04 | 4.4 MEDIUM | N/A |
James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file. | |||||
CVE-2008-5138 | 1 Bkleineidam | 1 Libpam Mount | 2024-02-04 | 6.9 MEDIUM | N/A |
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file. | |||||
CVE-2008-3216 | 1 Debian | 1 Projectl | 2024-02-04 | 4.6 MEDIUM | N/A |
The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2008-6762 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. | |||||
CVE-2008-4284 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. | |||||
CVE-2008-5377 | 1 Apple | 1 Cups | 2024-02-04 | 6.9 MEDIUM | N/A |
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | |||||
CVE-2008-1832 | 1 Cecilia | 1 Cecilia | 2024-02-04 | 3.3 LOW | N/A |
lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file. | |||||
CVE-2008-3329 | 1 Twibright | 1 Links | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." | |||||
CVE-2008-4973 | 1 Debian | 1 Myspell | 2024-02-04 | 6.9 MEDIUM | N/A |
i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files. | |||||
CVE-2008-5151 | 1 Abottoms | 1 Mayavi | 2024-02-04 | 6.9 MEDIUM | N/A |
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file. | |||||
CVE-2008-5378 | 1 Lehrstuhl Fur Mikrobiologie | 1 Arb | 2024-02-04 | 6.9 MEDIUM | N/A |
arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. | |||||
CVE-2008-3456 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 6.4 MEDIUM | N/A |
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. | |||||
CVE-2009-1526 | 1 Jbmc-software | 1 Directadmin | 2024-02-04 | 6.9 MEDIUM | N/A |
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action. | |||||
CVE-2008-5368 | 1 Lukas Ruf | 1 Muttprint | 2024-02-04 | 6.9 MEDIUM | N/A |
muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file. |