Total
1064 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5718 | 2 Debian, Vobcopy | 2 Debian Linux, Vobcopy | 2024-02-04 | 4.9 MEDIUM | N/A |
vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file. | |||||
CVE-2007-6692 | 1 Menalto | 1 Gallery | 2024-02-04 | 6.4 MEDIUM | N/A |
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. | |||||
CVE-2008-1078 | 2 Gentoo, Rpath | 2 Linux, Rpath Linux | 2024-02-04 | 7.2 HIGH | N/A |
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. | |||||
CVE-2007-5940 | 1 Tug | 1 Texlive 2007 | 2024-02-04 | 4.6 MEDIUM | N/A |
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. | |||||
CVE-2007-5377 | 1 Gnu | 1 Tramp | 2024-02-04 | 6.9 MEDIUM | N/A |
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2008-0732 | 2 Apache, Suse | 2 Geronimo, Suse Linux | 2024-02-04 | 2.1 LOW | N/A |
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories. | |||||
CVE-2008-0870 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-02-04 | 7.5 HIGH | N/A |
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. | |||||
CVE-2008-0806 | 1 Paul Pelzl | 1 Wyrd | 2024-02-04 | 3.6 LOW | N/A |
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file. | |||||
CVE-2007-4631 | 1 Qgit | 1 Qgit | 2024-02-04 | 6.9 MEDIUM | N/A |
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames. | |||||
CVE-2007-3919 | 2 Debian, Xensource Inc | 2 Debian Linux, Xen | 2024-02-04 | 6.0 MEDIUM | N/A |
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | |||||
CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2024-02-04 | 3.3 LOW | N/A |
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | |||||
CVE-2007-2978 | 1 Eggblog | 1 Eggblog | 2024-02-04 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
CVE-2008-0525 | 3 Lumension Security, Novell, Unix | 3 Patchlink Update, Zenworks Patch Management Update Agent, Unix | 2024-02-04 | 4.6 MEDIUM | N/A |
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. | |||||
CVE-2008-0666 | 1 Website Meta Language | 1 Website Meta Language | 2024-02-04 | 3.6 LOW | N/A |
Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c. | |||||
CVE-2007-5805 | 1 Ibm | 1 Aix | 2024-02-04 | 6.9 MEDIUM | N/A |
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804. | |||||
CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2024-02-04 | 4.4 MEDIUM | N/A |
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | |||||
CVE-2007-5839 | 1 Bitchx | 1 Bitchx | 2024-02-04 | 4.6 MEDIUM | N/A |
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. | |||||
CVE-2007-3742 | 1 Apple | 2 Iphone, Safari | 2024-02-04 | 4.3 MEDIUM | N/A |
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. | |||||
CVE-2007-5695 | 1 Sitebar | 1 Sitebar | 2024-02-04 | 6.4 MEDIUM | N/A |
Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action. | |||||
CVE-2007-3916 | 1 Skk Openlab | 1 Skk Tools | 2024-02-04 | 4.4 MEDIUM | N/A |
The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete arbitrary files via a symlink attack on a skkdic$PID temporary file. |