Total
1156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1684 | 1 Sun | 1 Solaris | 2024-11-21 | 4.7 MEDIUM | N/A |
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | |||||
CVE-2008-1569 | 2 Debian, Policyd-weight | 2 Debian Linux, Policyd-weight | 2024-11-21 | 3.3 LOW | N/A |
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket. | |||||
CVE-2008-1417 | 1 Axyl | 1 Axyl | 2024-11-21 | 6.9 MEDIUM | N/A |
The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file. | |||||
CVE-2008-1241 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-11-21 | 4.3 MEDIUM | N/A |
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. | |||||
CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2024-11-21 | 4.4 MEDIUM | N/A |
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | |||||
CVE-2008-1103 | 1 Blender | 1 Blender | 2024-11-21 | 6.9 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues." | |||||
CVE-2008-1078 | 2 Gentoo, Rpath | 2 Linux, Rpath Linux | 2024-11-21 | 7.2 HIGH | N/A |
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. | |||||
CVE-2008-0930 | 2 Debian, Freshmeat | 2 Debian Linux, Xwine | 2024-11-21 | 7.2 HIGH | N/A |
w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0883 | 2 Adobe, Suse | 4 Acrobat Reader, Open Suse, Suse Linux and 1 more | 2024-11-21 | 3.7 LOW | N/A |
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. | |||||
CVE-2008-0870 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2024-11-21 | 7.5 HIGH | N/A |
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. | |||||
CVE-2008-0806 | 1 Paul Pelzl | 1 Wyrd | 2024-11-21 | 3.6 LOW | N/A |
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file. | |||||
CVE-2008-0732 | 2 Apache, Suse | 2 Geronimo, Suse Linux | 2024-11-21 | 2.1 LOW | N/A |
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories. | |||||
CVE-2008-0666 | 1 Website Meta Language | 1 Website Meta Language | 2024-11-21 | 3.6 LOW | N/A |
Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c. | |||||
CVE-2008-0665 | 1 Website Meta Language | 1 Website Meta Language | 2024-11-21 | 3.6 LOW | N/A |
wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. | |||||
CVE-2008-0613 | 1 Xoops | 1 Xoops | 2024-11-21 | 5.0 MEDIUM | N/A |
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. | |||||
CVE-2008-0525 | 3 Lumension Security, Novell, Unix | 3 Patchlink Update, Zenworks Patch Management Update Agent, Unix | 2024-11-21 | 4.6 MEDIUM | N/A |
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. | |||||
CVE-2008-0167 | 2 Debian, Gforge | 2 Debian Linux, Gforge | 2024-11-21 | 4.6 MEDIUM | N/A |
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances. | |||||
CVE-2008-0163 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.4 MEDIUM | N/A |
Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. | |||||
CVE-2007-6692 | 1 Menalto | 1 Gallery | 2024-11-21 | 6.4 MEDIUM | N/A |
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. | |||||
CVE-2007-6595 | 1 Clam Anti-virus | 1 Clamav | 2024-11-21 | 2.1 LOW | N/A |
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. |