Search Results (1815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1901 1 Gentoo 2 Linux, Portage 2026-04-16 5.5 Medium
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
CVE-2004-0689 3 Debian, Kde, Redhat 3 Debian Linux, Kde, Enterprise Linux 2026-04-16 7.1 High
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVE-2005-1879 1 Lutel 1 Lutelwall 2026-04-16 5.5 Medium
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2004-0967 2 Aladdin Enterprises, Redhat 2 Ghostscript, Enterprise Linux 2026-04-16 N/A
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
CVE-2002-2382 1 Cvsup 1 Cvsup 2026-04-16 N/A
cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.
CVE-2004-0217 2 Redhat, Symantec 2 Linux, Antivirus Scan Engine 2026-04-16 7.0 High
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
CVE-2005-1111 4 Canonical, Debian, Gnu and 1 more 4 Ubuntu Linux, Debian Linux, Cpio and 1 more 2026-04-16 4.7 Medium
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2000-0972 1 Hp 1 Hp-ux 2026-04-16 5.5 Medium
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
CVE-2003-0517 1 Mgetty Project 1 Mgetty 2026-04-16 5.5 Medium
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
CVE-2005-3011 2 Gnu, Redhat 2 Texinfo, Enterprise Linux 2026-04-16 N/A
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-0004 3 Debian, Mariadb, Oracle 3 Debian Linux, Mariadb, Mysql 2026-04-16 N/A
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
CVE-2002-2323 1 Sun 1 Solaris Pc Netlink 2026-04-16 7.5 High
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
CVE-2002-2374 1 Sun 1 Patchpro 2026-04-16 N/A
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
CVE-2003-1233 1 Pedestalsoftware 1 Integrity Protection Driver 2026-04-16 9.8 Critical
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
CVE-2005-0587 1 Mozilla 2 Firefox, Mozilla 2026-04-16 6.5 Medium
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
CVE-2003-1528 1 Fujitsu 1 Siemens Networker 2026-04-16 N/A
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.
CVE-2001-1386 1 Texasimperialsoftware 1 Wftpd 2026-04-16 7.5 High
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
CVE-1999-0794 1 Microsoft 2 Excel, Office 2026-04-16 N/A
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
CVE-1999-1386 1 Perl 1 Perl 2026-04-16 5.5 Medium
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
CVE-2004-2473 1 Wmfrog 1 Wmfrog 2026-04-16 N/A
wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.