| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file. |
| gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. |
| bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts. |
| The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file. |
| src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file. |
| firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks. |
| postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it. |
| dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage. |
| The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack. |
| MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. |
| acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. |
| sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file. |
| Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. |
| Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action. |
| Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. |
| mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file. |
| The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. |
| ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file. |
| fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file. |
| The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file. |
