Total
1174 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2001-1494 | 3 Avaya, Kernel, Redhat | 8 Cvlan, Integrated Management Suit, Interactive Response and 5 more | 2024-08-08 | 5.5 Medium |
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. | ||||
CVE-2001-1378 | 2 Fetchmail, Redhat | 2 Fetchmail, Linux | 2024-08-08 | N/A |
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. | ||||
CVE-2001-1386 | 1 Texasimperialsoftware | 1 Wftpd | 2024-08-08 | 7.5 High |
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. | ||||
CVE-2001-1042 | 1 Transsoft | 1 Broker Ftp Server | 2024-08-08 | 7.5 High |
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | ||||
CVE-2001-1043 | 1 Argosoft | 1 Ftp Server | 2024-08-08 | 7.5 High |
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | ||||
CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-08-08 | 2.9 Low |
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | ||||
CVE-2002-0824 | 1 Freebsd | 1 Point-to-point Protocol Daemon | 2024-08-08 | N/A |
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. | ||||
CVE-2002-0793 | 1 Blackberry | 1 Qnx Neutrino Real-time Operating System | 2024-08-08 | 5.5 Medium |
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | ||||
CVE-2002-0725 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-08-08 | 5.5 Medium |
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. | ||||
CVE-2003-1528 | 1 Fujitsu | 1 Siemens Networker | 2024-08-08 | N/A |
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file. | ||||
CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2024-08-08 | N/A |
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | ||||
CVE-2003-1233 | 1 Pedestalsoftware | 1 Integrity Protection Driver | 2024-08-08 | 9.8 Critical |
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command. | ||||
CVE-2003-0844 | 1 Schroepl | 1 Mod Gzip | 2024-08-08 | 7.1 High |
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. | ||||
CVE-2003-0578 | 1 Ibm | 1 U2 Universe | 2024-08-08 | 7.8 High |
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. | ||||
CVE-2003-0517 | 1 Mgetty Project | 1 Mgetty | 2024-08-08 | 5.5 Medium |
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | ||||
CVE-2004-2473 | 1 Wmfrog | 1 Wmfrog | 2024-08-08 | N/A |
wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
CVE-2004-1901 | 1 Gentoo | 2 Linux, Portage | 2024-08-08 | 5.5 Medium |
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | ||||
CVE-2004-1603 | 1 Cpanel | 1 Cpanel | 2024-08-08 | 5.5 Medium |
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | ||||
CVE-2004-0967 | 2 Aladdin Enterprises, Redhat | 2 Ghostscript, Enterprise Linux | 2024-08-08 | N/A |
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. | ||||
CVE-2004-0689 | 3 Debian, Kde, Redhat | 3 Debian Linux, Kde, Enterprise Linux | 2024-08-08 | 7.1 High |
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. |