Total
1026 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5378 | 1 Lehrstuhl Fur Mikrobiologie | 1 Arb | 2023-12-10 | 6.9 MEDIUM | N/A |
arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. | |||||
CVE-2008-4979 | 1 Shrubbery | 1 Rancid | 2023-12-10 | 6.9 MEDIUM | N/A |
getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files. | |||||
CVE-2008-6397 | 1 Alcovebook | 1 Sgml2x | 2023-12-10 | 4.4 MEDIUM | N/A |
rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2008-6762 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. | |||||
CVE-2008-4983 | 1 Scilab | 1 Scilab-bin | 2023-12-10 | 6.9 MEDIUM | N/A |
scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts. | |||||
CVE-2008-4190 | 2 Openswan, Xelerance | 2 Openswan, Openswan | 2023-12-10 | 4.4 MEDIUM | N/A |
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled. | |||||
CVE-2008-4284 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. | |||||
CVE-2008-1103 | 1 Blender | 1 Blender | 2023-12-10 | 6.9 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues." | |||||
CVE-2009-4030 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 4.4 MEDIUM | N/A |
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | |||||
CVE-2008-4946 | 1 Convirture | 1 Convirt | 2023-12-10 | 6.9 MEDIUM | N/A |
convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/. | |||||
CVE-2008-4984 | 1 Freedesktop | 1 Scratchbox2 | 2023-12-10 | 6.9 MEDIUM | N/A |
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts. | |||||
CVE-2008-4440 | 1 Debian | 1 Feta | 2023-12-10 | 7.2 HIGH | N/A |
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files. | |||||
CVE-2007-5664 | 1 Ibm | 1 Db2 Universal Database | 2023-12-10 | 6.9 MEDIUM | N/A |
db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization. | |||||
CVE-2008-5154 | 1 Koeniglich | 1 P3nfs | 2023-12-10 | 6.9 MEDIUM | N/A |
bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file. | |||||
CVE-2008-4960 | 1 Dov Grobgeld | 1 Impose\+ | 2023-12-10 | 6.9 MEDIUM | N/A |
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files. | |||||
CVE-2008-4974 | 1 Netmrg | 1 Netmrg | 2023-12-10 | 6.9 MEDIUM | N/A |
rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files. | |||||
CVE-2008-7247 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2023-12-10 | 6.0 MEDIUM | N/A |
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | |||||
CVE-2008-4968 | 1 Bitmover | 1 Lmbench | 2023-12-10 | 6.9 MEDIUM | N/A |
The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file. | |||||
CVE-2008-5146 | 1 Erl Wustl | 1 Ctn | 2023-12-10 | 6.9 MEDIUM | N/A |
add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file. | |||||
CVE-2007-5495 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2023-12-10 | 4.4 MEDIUM | N/A |
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. |