Total
1403 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4652 | 1 Php | 1 Php | 2025-04-09 | N/A |
| The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | ||||
| CVE-2008-1684 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | ||||
| CVE-2008-4908 | 2 Crossfire, Debian | 2 Crossfire, Debian Linux | 2025-04-09 | N/A |
| maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2008-6762 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. | ||||
| CVE-2022-3592 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2025-04-08 | 6.5 Medium |
| A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. | ||||
| CVE-2023-29351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | 8.1 High |
| Windows Group Policy Elevation of Privilege Vulnerability | ||||
| CVE-2005-1879 | 1 Lutel | 1 Lutelwall | 2025-04-03 | 5.5 Medium |
| LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | ||||
| CVE-2004-0217 | 2 Redhat, Symantec | 2 Linux, Antivirus Scan Engine | 2025-04-03 | 7.0 High |
| The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | ||||
| CVE-2001-1494 | 3 Avaya, Kernel, Redhat | 8 Cvlan, Integrated Management Suit, Interactive Response and 5 more | 2025-04-03 | 5.5 Medium |
| script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. | ||||
| CVE-2002-0824 | 1 Freebsd | 1 Point-to-point Protocol Daemon | 2025-04-03 | N/A |
| BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. | ||||
| CVE-2005-3126 | 1 Antiword | 1 Antiword | 2025-04-03 | N/A |
| The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files. | ||||
| CVE-2005-2714 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file. | ||||
| CVE-2000-0342 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 7.5 High |
| Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." | ||||
| CVE-2005-1916 | 2 Debian, Ekg Project | 2 Debian Linux, Ekg | 2025-04-03 | 5.5 Medium |
| linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2005-3011 | 2 Gnu, Redhat | 2 Texinfo, Enterprise Linux | 2025-04-03 | N/A |
| The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-0689 | 3 Debian, Kde, Redhat | 3 Debian Linux, Kde, Enterprise Linux | 2025-04-03 | 7.1 High |
| KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | ||||
| CVE-2005-1111 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Cpio and 1 more | 2025-04-03 | 4.7 Medium |
| Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | ||||
| CVE-2000-1178 | 1 Joseph Allen | 1 Joe | 2025-04-03 | 5.5 Medium |
| Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. | ||||
| CVE-2005-1880 | 1 Everybuddy | 1 Everybuddy | 2025-04-03 | 5.5 Medium |
| everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | ||||
| CVE-2000-0972 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.5 Medium |
| HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | ||||