Search Results (7481 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1111 4 Canonical, Debian, Gnu and 1 more 4 Ubuntu Linux, Debian Linux, Cpio and 1 more 2025-04-03 4.7 Medium
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2005-0824 1 Mathopd 1 Mathopd 2025-04-03 5.5 Medium
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
CVE-2003-1233 1 Pedestalsoftware 1 Integrity Protection Driver 2025-04-03 9.8 Critical
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
CVE-2005-2991 1 Ncompress 1 Ncompress 2025-04-03 5.0 Medium
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
CVE-2002-0725 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 5.5 Medium
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
CVE-1999-0013 1 Ssh 1 Ssh 2025-04-03 8.4 High
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
CVE-1999-0783 1 Freebsd 1 Freebsd 2025-04-03 5.5 Medium
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
CVE-2004-0689 3 Debian, Kde, Redhat 3 Debian Linux, Kde, Enterprise Linux 2025-04-03 7.1 High
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVE-2003-1528 1 Fujitsu 1 Siemens Networker 2025-04-03 N/A
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.
CVE-1999-0794 1 Microsoft 2 Excel, Office 2025-04-03 N/A
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
CVE-2003-1492 2 Mozilla, Netscape 2 Firefox, Navigator 2025-04-03 N/A
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
CVE-2005-1880 1 Everybuddy 1 Everybuddy 2025-04-03 5.5 Medium
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2001-1556 1 Apache 1 Http Server 2025-04-03 3.3 Low
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
CVE-2002-0824 1 Freebsd 1 Point-to-point Protocol Daemon 2025-04-03 N/A
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
CVE-2005-1879 1 Lutel 1 Lutelwall 2025-04-03 5.5 Medium
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2005-2527 1 Sun 1 Java 2025-04-03 N/A
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
CVE-2005-3435 1 Archilles 1 Newsworld 2025-04-03 9.8 Critical
admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.
CVE-2005-0004 3 Debian, Mariadb, Oracle 3 Debian Linux, Mariadb, Mysql 2025-04-03 N/A
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
CVE-2000-1178 1 Joseph Allen 1 Joe 2025-04-03 5.5 Medium
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
CVE-2004-1603 1 Cpanel 1 Cpanel 2025-04-03 5.5 Medium
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.