| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. |
| feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. |
| The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file. |
| Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. |
| extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file. |
| Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter. |
| Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter. |
| plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/. |
| MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. |
| Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory. |
| uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression. |
| BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. |
| ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. |
| screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. |
| netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. |
| /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. |
| senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file. |
| xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file. |
| dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file. |
| firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks. |