Total
1156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6208 | 1 Claws Mail | 1 Claws Mail Tools | 2024-11-21 | 3.6 LOW | N/A |
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file. | |||||
CVE-2007-6061 | 1 Audacityteam | 1 Audacity | 2024-11-21 | 5.0 MEDIUM | N/A |
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. | |||||
CVE-2007-5940 | 1 Tug | 1 Texlive 2007 | 2024-11-21 | 4.6 MEDIUM | N/A |
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. | |||||
CVE-2007-5839 | 1 Bitchx | 1 Bitchx | 2024-11-21 | 4.6 MEDIUM | N/A |
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. | |||||
CVE-2007-5805 | 1 Ibm | 1 Aix | 2024-11-21 | 6.9 MEDIUM | N/A |
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804. | |||||
CVE-2007-5718 | 2 Debian, Vobcopy | 2 Debian Linux, Vobcopy | 2024-11-21 | 4.9 MEDIUM | N/A |
vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file. | |||||
CVE-2007-5695 | 1 Sitebar | 1 Sitebar | 2024-11-21 | 6.4 MEDIUM | N/A |
Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action. | |||||
CVE-2007-5664 | 1 Ibm | 1 Db2 Universal Database | 2024-11-21 | 6.9 MEDIUM | N/A |
db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization. | |||||
CVE-2007-5495 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2024-11-21 | 4.4 MEDIUM | N/A |
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. | |||||
CVE-2007-5437 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2024-11-21 | 5.8 MEDIUM | N/A |
The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. | |||||
CVE-2007-5377 | 1 Gnu | 1 Tramp | 2024-11-21 | 6.9 MEDIUM | N/A |
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2007-5207 | 1 Debian | 1 Guilt | 2024-11-21 | 3.3 LOW | N/A |
guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file. | |||||
CVE-2007-5200 | 1 Opensuse | 1 Opensuse | 2024-11-21 | 3.3 LOW | N/A |
hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file. | |||||
CVE-2007-4998 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.9 MEDIUM | N/A |
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. | |||||
CVE-2007-4652 | 1 Php | 1 Php | 2024-11-21 | 4.4 MEDIUM | N/A |
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | |||||
CVE-2007-4631 | 1 Qgit | 1 Qgit | 2024-11-21 | 6.9 MEDIUM | N/A |
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames. | |||||
CVE-2007-4224 | 1 Kde | 1 Konqueror | 2024-11-21 | 4.3 MEDIUM | N/A |
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. | |||||
CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2024-11-21 | 3.3 LOW | N/A |
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | |||||
CVE-2007-3921 | 1 Gforge | 1 Gforge | 2024-11-21 | 3.3 LOW | N/A |
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files. | |||||
CVE-2007-3919 | 2 Debian, Xensource Inc | 2 Debian Linux, Xen | 2024-11-21 | 6.0 MEDIUM | N/A |
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. |