Vulnerabilities (CVE)

Filtered by CWE-59
Total 1264 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3742 1 Apple 2 Iphone, Safari 2025-04-09 4.3 MEDIUM N/A
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.
CVE-2009-0473 1 Rockwellautomation 1 Controllogix 1756-enbt\/a Ethernet\/ Ip Bridge 2025-04-09 6.8 MEDIUM N/A
Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2008-1103 1 Blender 1 Blender 2025-04-09 6.9 MEDIUM N/A
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."
CVE-2008-5256 1 Virtualox 1 Virtualox 2025-04-09 4.4 MEDIUM N/A
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.
CVE-2008-4957 1 Gccxml 1 Gccxml 2025-04-09 6.9 MEDIUM N/A
find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.
CVE-2008-4942 1 Audiolink 1 Audiolink 2025-04-09 6.9 MEDIUM N/A
audiolink in audiolink 0.05 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/audiolink.db.tmp and (2) /tmp/audiolink.tb.tmp temporary files.
CVE-2008-4949 1 Manoj Srivastava 1 Dist 2025-04-09 6.9 MEDIUM N/A
dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts.
CVE-2007-4998 1 Linux 1 Linux Kernel 2025-04-09 6.9 MEDIUM N/A
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.
CVE-2008-4938 1 Aegis 2 Aegis, Aegis-web 2025-04-09 6.9 MEDIUM N/A
aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts.
CVE-2007-2978 1 Eggblog 1 Eggblog 2025-04-09 6.8 MEDIUM N/A
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-2311 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 7.6 HIGH N/A
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
CVE-2008-2389 1 Opensuse 1 Opensuse 2025-04-09 4.9 MEDIUM N/A
opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack.
CVE-2008-4978 1 Radiance 1 Radiance 2025-04-09 6.9 MEDIUM N/A
radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts.
CVE-2008-4085 1 Stephenjungels 1 Plait 2025-04-09 4.4 MEDIUM N/A
plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.
CVE-2007-5805 1 Ibm 1 Aix 2025-04-09 6.9 MEDIUM N/A
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
CVE-2009-0416 1 Standards Based Linux Instrumentation 1 Sblim-sfcb 2025-04-09 6.9 MEDIUM N/A
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.
CVE-2008-4987 1 Xastir 1 Xastir 2025-04-09 6.9 MEDIUM N/A
xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.
CVE-2008-4440 1 Debian 1 Feta 2025-04-09 7.2 HIGH N/A
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.
CVE-2008-5367 1 Marco D\'itri 1 Ppp-udeb 2025-04-09 6.9 MEDIUM N/A
ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.
CVE-2008-0870 2 Bea Systems, Oracle 2 Weblogic Portal, Weblogic Portal 2025-04-09 7.5 HIGH N/A
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.