Vulnerabilities (CVE)

Filtered by CWE-59
Total 1156 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6208 1 Claws Mail 1 Claws Mail Tools 2024-11-21 3.6 LOW N/A
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
CVE-2007-6061 1 Audacityteam 1 Audacity 2024-11-21 5.0 MEDIUM N/A
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
CVE-2007-5940 1 Tug 1 Texlive 2007 2024-11-21 4.6 MEDIUM N/A
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
CVE-2007-5839 1 Bitchx 1 Bitchx 2024-11-21 4.6 MEDIUM N/A
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.
CVE-2007-5805 1 Ibm 1 Aix 2024-11-21 6.9 MEDIUM N/A
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
CVE-2007-5718 2 Debian, Vobcopy 2 Debian Linux, Vobcopy 2024-11-21 4.9 MEDIUM N/A
vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.
CVE-2007-5695 1 Sitebar 1 Sitebar 2024-11-21 6.4 MEDIUM N/A
Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action.
CVE-2007-5664 1 Ibm 1 Db2 Universal Database 2024-11-21 6.9 MEDIUM N/A
db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.
CVE-2007-5495 2 Redhat, Selinux 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot 2024-11-21 4.4 MEDIUM N/A
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.
CVE-2007-5437 1 Broadcom 1 Etrust Integrated Threat Management 2024-11-21 5.8 MEDIUM N/A
The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.
CVE-2007-5377 1 Gnu 1 Tramp 2024-11-21 6.9 MEDIUM N/A
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2007-5207 1 Debian 1 Guilt 2024-11-21 3.3 LOW N/A
guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.
CVE-2007-5200 1 Opensuse 1 Opensuse 2024-11-21 3.3 LOW N/A
hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.
CVE-2007-4998 1 Linux 1 Linux Kernel 2024-11-21 6.9 MEDIUM N/A
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.
CVE-2007-4652 1 Php 1 Php 2024-11-21 4.4 MEDIUM N/A
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
CVE-2007-4631 1 Qgit 1 Qgit 2024-11-21 6.9 MEDIUM N/A
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.
CVE-2007-4224 1 Kde 1 Konqueror 2024-11-21 4.3 MEDIUM N/A
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
CVE-2007-4129 2 Fedoraproject, Redhat 2 Coolkey, Enterprise Linux 2024-11-21 3.3 LOW N/A
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.
CVE-2007-3921 1 Gforge 1 Gforge 2024-11-21 3.3 LOW N/A
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
CVE-2007-3919 2 Debian, Xensource Inc 2 Debian Linux, Xen 2024-11-21 6.0 MEDIUM N/A
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.