Total
1065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5703 | 1 Gpsdrive | 1 Gpsdrive | 2024-02-04 | 6.2 MEDIUM | N/A |
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380. | |||||
CVE-2008-3927 | 1 Tiger | 1 Tiger | 2024-02-04 | 7.2 HIGH | N/A |
genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files. | |||||
CVE-2009-0313 | 1 Kegel | 1 Winetricks | 2024-02-04 | 6.9 MEDIUM | N/A |
winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file. | |||||
CVE-2008-5136 | 1 Ldrolez | 1 Tkusr | 2024-02-04 | 6.9 MEDIUM | N/A |
tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file. | |||||
CVE-2008-4938 | 1 Aegis | 2 Aegis, Aegis-web | 2024-02-04 | 6.9 MEDIUM | N/A |
aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts. | |||||
CVE-2008-3261 | 1 Claroline | 1 Claroline | 2024-02-04 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
CVE-2008-5155 | 1 Smsclient | 1 Smsclient | 2024-02-04 | 9.3 HIGH | N/A |
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file. | |||||
CVE-2008-6760 | 1 Viart | 1 Viart Shop | 2024-02-04 | 4.3 MEDIUM | N/A |
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter. | |||||
CVE-2009-1297 | 2 Novell, Opensuse | 2 Suse Linux, Opensuse | 2024-02-04 | 4.4 MEDIUM | N/A |
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. | |||||
CVE-2008-4406 | 1 Debian | 1 Xsabre | 2024-02-04 | 7.2 HIGH | N/A |
A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files. | |||||
CVE-2008-4983 | 1 Scilab | 1 Scilab-bin | 2024-02-04 | 6.9 MEDIUM | N/A |
scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts. | |||||
CVE-2008-4966 | 1 Openswan | 1 Linux-patch-openswan | 2024-02-04 | 6.9 MEDIUM | N/A |
linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts. | |||||
CVE-2008-5299 | 1 Karakas-online | 1 Chm2pdf | 2024-02-04 | 6.9 MEDIUM | N/A |
chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories. | |||||
CVE-2008-5704 | 1 Gpsdrive | 1 Gpsdrive | 2024-02-04 | 7.6 HIGH | N/A |
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380. | |||||
CVE-2008-5140 | 1 Debian | 1 Mailscanner | 2024-02-04 | 6.9 MEDIUM | N/A |
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file. | |||||
CVE-2008-4978 | 1 Radiance | 1 Radiance | 2024-02-04 | 6.9 MEDIUM | N/A |
radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts. | |||||
CVE-2008-4191 | 1 Emacspeak Inc | 1 Emacspeak | 2024-02-04 | 6.6 MEDIUM | N/A |
extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file. | |||||
CVE-2008-3931 | 1 R Foundation | 1 R | 2024-02-04 | 6.9 MEDIUM | N/A |
javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2008-2266 | 2 Nzbget, Uudeview | 2 Nzbget, Uudeview | 2024-02-04 | 4.4 MEDIUM | N/A |
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression. | |||||
CVE-2008-4959 | 1 Gpsdrive | 1 Gpsdrive-scripts | 2024-02-04 | 6.9 MEDIUM | N/A |
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files. |