Total
1037 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5313 | 1 Mailscanner | 1 Mailscanner | 2023-12-10 | 6.9 MEDIUM | N/A |
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file. | |||||
CVE-2008-3216 | 1 Debian | 1 Projectl | 2023-12-10 | 4.6 MEDIUM | N/A |
The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2008-4945 | 1 Tivano | 1 Cdrw-taper | 2023-12-10 | 6.9 MEDIUM | N/A |
amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory. | |||||
CVE-2008-4955 | 1 Duncan Webb | 1 Freevo | 2023-12-10 | 6.2 MEDIUM | N/A |
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code. | |||||
CVE-2009-1893 | 2 Isc, Redhat | 2 Dhcp, Enterprise Linux | 2023-12-10 | 6.9 MEDIUM | N/A |
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command. | |||||
CVE-2008-4957 | 1 Gccxml | 1 Gccxml | 2023-12-10 | 6.9 MEDIUM | N/A |
find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file. | |||||
CVE-2009-4135 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Coreutils | 2023-12-10 | 4.4 MEDIUM | N/A |
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. | |||||
CVE-2008-1901 | 1 Debian | 1 Aptlinex | 2023-12-10 | 7.2 HIGH | N/A |
aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file. | |||||
CVE-2008-4976 | 1 Alan Woodland | 2 Ogle, Ogle-mmx | 2023-12-10 | 6.9 MEDIUM | N/A |
ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, and (8) ogle_vout_debug scripts. | |||||
CVE-2008-4104 | 1 Joomla | 1 Joomla | 2023-12-10 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL. | |||||
CVE-2008-5394 | 1 Debian | 1 Shadow | 2023-12-10 | 7.2 HIGH | N/A |
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. | |||||
CVE-2008-6759 | 1 Viart | 1 Viart Shop | 2023-12-10 | 4.3 MEDIUM | N/A |
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message. | |||||
CVE-2008-5379 | 1 Oliver Gorwits | 1 Netdisco Mibs Installer | 2023-12-10 | 6.9 MEDIUM | N/A |
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. | |||||
CVE-2008-5371 | 1 Marc Gloor | 1 Screenie | 2023-12-10 | 6.9 MEDIUM | N/A |
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. | |||||
CVE-2008-4987 | 1 Xastir | 1 Xastir | 2023-12-10 | 6.9 MEDIUM | N/A |
xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts. | |||||
CVE-2008-3524 | 1 Redhat | 2 Fedora, Initscripts | 2023-12-10 | 4.7 MEDIUM | N/A |
rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | |||||
CVE-2008-4949 | 1 Manoj Srivastava | 1 Dist | 2023-12-10 | 6.9 MEDIUM | N/A |
dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts. | |||||
CVE-2008-4951 | 1 Gplhost | 1 Dtc-common | 2023-12-10 | 6.9 MEDIUM | N/A |
dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts. | |||||
CVE-2008-4985 | 1 Cadsoft | 1 Vdr | 2023-12-10 | 6.9 MEDIUM | N/A |
vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file. | |||||
CVE-2009-0321 | 2 Apple, Microsoft | 2 Safari, Windows | 2023-12-10 | 4.3 MEDIUM | N/A |
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. |