Total
1064 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2382 | 1 Cvsup | 1 Cvsup | 2024-02-04 | 7.2 HIGH | N/A |
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out. | |||||
CVE-2004-1901 | 1 Gentoo | 2 Linux, Portage | 2024-02-04 | 4.6 MEDIUM | 5.5 MEDIUM |
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | |||||
CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 5.0 MEDIUM | 5.5 MEDIUM |
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. | |||||
CVE-2004-1603 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 5.5 MEDIUM |
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | |||||
CVE-2003-1528 | 1 Fujitsu | 1 Siemens Networker | 2024-02-04 | 7.2 HIGH | N/A |
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file. | |||||
CVE-2002-0793 | 1 Blackberry | 1 Qnx Neutrino Real-time Operating System | 2024-02-04 | 4.6 MEDIUM | 5.5 MEDIUM |
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | |||||
CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-04 | 3.3 LOW | N/A |
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2004-0689 | 2 Debian, Kde | 2 Debian Linux, Kde | 2024-02-04 | 4.6 MEDIUM | 7.1 HIGH |
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | |||||
CVE-2000-0972 | 1 Hp | 1 Hp-ux | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | |||||
CVE-2000-0715 | 2 Conectiva, Kirk Bauer | 2 Linux, Diskcheck | 2024-02-04 | 2.1 LOW | N/A |
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file. | |||||
CVE-1999-1386 | 1 Perl | 1 Perl | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. | |||||
CVE-2003-0578 | 1 Ibm | 1 U2 Universe | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. | |||||
CVE-2003-0517 | 1 Mgetty Project | 1 Mgetty | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | |||||
CVE-2004-0217 | 2 Redhat, Symantec | 2 Linux, Antivirus Scan Engine | 2024-02-04 | 3.7 LOW | 7.0 HIGH |
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | |||||
CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | |||||
CVE-2000-1178 | 1 Joseph Allen | 1 Joe | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. | |||||
CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2024-02-04 | 4.6 MEDIUM | N/A |
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | |||||
CVE-2001-1494 | 2 Avaya, Kernel | 7 Cvlan, Integrated Management Suit, Interactive Response and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. | |||||
CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | |||||
CVE-2002-0824 | 1 Freebsd | 1 Point-to-point Protocol Daemon | 2024-02-04 | 6.9 MEDIUM | N/A |
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. |