Search Results (7481 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5147 1 Holloway 1 Docvert 2025-04-09 N/A
test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.
CVE-2008-4940 1 Aptoncd 1 Aptoncd 2025-04-09 N/A
xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file.
CVE-2008-4980 1 Zak B Elep 1 Rccp 2025-04-09 N/A
delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file.
CVE-2009-3597 1 Digitaldesign Cms Project 1 Digitaldesign Cms 2025-04-09 N/A
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.
CVE-2008-5256 1 Virtualox 1 Virtualox 2025-04-09 N/A
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.
CVE-2008-4966 1 Openswan 1 Linux-patch-openswan 2025-04-09 N/A
linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts.
CVE-2009-2939 3 Debian, Postfix, Ubuntu 3 Debian Linux, Postfix, Ubuntu Linux 2025-04-09 N/A
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
CVE-2007-2978 1 Eggblog 1 Eggblog 2025-04-09 N/A
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-4988 1 Lars Bahner 1 Xcal 2025-04-09 N/A
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.
CVE-2008-3227 1 Joomla 1 Joomla 2025-04-09 N/A
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
CVE-2008-4972 1 Steve Robbins 1 Mgt 2025-04-09 N/A
mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file.
CVE-2008-3521 1 Jasper Project 1 Jasper 2025-04-09 N/A
Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.
CVE-2008-5375 1 Cmus 1 Cmus 2025-04-09 N/A
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.
CVE-2008-1901 1 Debian 1 Aptlinex 2025-04-09 N/A
aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.
CVE-2009-4193 1 Merkaartor 1 Merkaartor 2025-04-09 N/A
Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.
CVE-2009-1297 2 Novell, Opensuse 2 Suse Linux, Opensuse 2025-04-09 N/A
iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
CVE-2008-4950 1 Debian 1 Dpkg-cross 2025-04-09 N/A
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot.
CVE-2007-4224 2 Kde, Redhat 2 Konqueror, Enterprise Linux 2025-04-09 N/A
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
CVE-2009-1867 2 Adobe, Redhat 4 Air, Flash Player, Flex and 1 more 2025-04-09 N/A
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
CVE-2008-4974 1 Netmrg 1 Netmrg 2025-04-09 N/A
rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files.