Total
1269 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0461 | 1 Opensuse | 1 Opensuse | 2025-04-11 | 6.3 MEDIUM | N/A |
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. | |||||
CVE-2011-0441 | 1 Php | 1 Php | 2025-04-11 | 6.3 MEDIUM | N/A |
The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. | |||||
CVE-2013-1423 | 1 Fusionforge | 1 Fusionforge | 2025-04-11 | 6.9 MEDIUM | N/A |
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files. | |||||
CVE-2010-2794 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2025-04-11 | 3.3 LOW | N/A |
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file. | |||||
CVE-2009-5007 | 1 Cisco | 1 Anyconnect Ssl Vpn | 2025-04-11 | 3.3 LOW | N/A |
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. | |||||
CVE-2012-0786 | 1 Augeas | 1 Augeas | 2025-04-11 | 3.3 LOW | N/A |
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. | |||||
CVE-2010-0789 | 1 Fuse | 1 Fuse | 2025-04-11 | 3.3 LOW | N/A |
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. | |||||
CVE-2010-0832 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | 6.9 MEDIUM | N/A |
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. | |||||
CVE-2010-3691 | 1 Apereo | 1 Phpcas | 2025-04-11 | 3.3 LOW | N/A |
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. | |||||
CVE-2013-1495 | 1 Oracle | 1 Support Tools | 2025-04-11 | 6.9 MEDIUM | N/A |
asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp. | |||||
CVE-2013-1976 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | 6.9 MEDIUM | N/A |
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log. | |||||
CVE-2012-2093 | 1 Gajim | 1 Gajim | 2025-04-11 | 3.3 LOW | N/A |
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. | |||||
CVE-2013-0200 | 2 Hp, Redhat | 2 Linux Imaging And Printing Project, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. | |||||
CVE-2011-1073 | 2 Apple, Freebsd | 2 Mac Os X, Freebsd | 2025-04-11 | 1.9 LOW | N/A |
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. | |||||
CVE-2012-4455 | 1 Opencryptoki Project | 1 Opencryptoki | 2025-04-11 | 6.2 MEDIUM | N/A |
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. | |||||
CVE-2011-2185 | 1 Fabfile | 1 Fabric | 2025-04-11 | 4.4 MEDIUM | N/A |
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/. | |||||
CVE-2011-1072 | 1 Php | 1 Pear | 2025-04-11 | 3.3 LOW | N/A |
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. | |||||
CVE-2012-6348 | 1 Centrify | 2 Centrify Deployment Manager, Centrify Suite | 2025-04-11 | 3.3 LOW | N/A |
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file. | |||||
CVE-2009-5081 | 1 Gnu | 1 Groff | 2025-04-11 | 3.3 LOW | N/A |
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. | |||||
CVE-2013-4169 | 1 Gnome | 1 Gnome Display Manager | 2025-04-11 | 6.9 MEDIUM | N/A |
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. |