Total
1381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4908 | 2 Crossfire, Debian | 2 Crossfire, Debian Linux | 2025-04-09 | N/A |
| maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2008-6762 | 1 Wordpress | 1 Wordpress | 2025-04-09 | N/A |
| Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. | ||||
| CVE-2008-5135 | 1 Debian | 1 Os-prober | 2025-04-09 | N/A |
| os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users. | ||||
| CVE-2007-5377 | 1 Gnu | 1 Tramp | 2025-04-09 | N/A |
| The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2007-5200 | 1 Opensuse | 1 Opensuse | 2025-04-09 | N/A |
| hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file. | ||||
| CVE-2008-3329 | 1 Twibright | 1 Links | 2025-04-09 | N/A |
| Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." | ||||
| CVE-2007-4998 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A |
| cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. | ||||
| CVE-2008-1241 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. | ||||
| CVE-2008-1199 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2025-04-09 | N/A |
| Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | ||||
| CVE-2009-4030 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||||
| CVE-2008-3524 | 1 Redhat | 2 Fedora, Initscripts | 2025-04-09 | N/A |
| rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | ||||
| CVE-2007-3103 | 2 Fedoraproject, Redhat | 4 Fedora Core, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-09 | N/A |
| The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. | ||||
| CVE-2007-1027 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | ||||
| CVE-2008-0870 | 2 Bea Systems, Oracle | 2 Weblogic Portal, Weblogic Portal | 2025-04-09 | N/A |
| BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. | ||||
| CVE-2008-3521 | 1 Jasper Project | 1 Jasper | 2025-04-09 | N/A |
| Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion. | ||||
| CVE-2008-4284 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. | ||||
| CVE-2009-0473 | 1 Rockwellautomation | 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge | 2025-04-09 | N/A |
| Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2008-0525 | 3 Lumension Security, Novell, Unix | 3 Patchlink Update, Zenworks Patch Management Update Agent, Unix | 2025-04-09 | N/A |
| PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. | ||||
| CVE-2007-3921 | 1 Gforge | 1 Gforge | 2025-04-09 | N/A |
| gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2008-3261 | 1 Claroline | 1 Claroline | 2025-04-09 | N/A |
| Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | ||||