Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4108 | 1 Python Software Foundation | 1 Python | 2024-08-07 | N/A |
| Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory. | ||||
| CVE-2008-4098 | 5 Canonical, Debian, Mysql and 2 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2024-08-07 | N/A |
| MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | ||||
| CVE-2008-4085 | 1 Stephenjungels | 1 Plait | 2024-08-07 | N/A |
| plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/. | ||||
| CVE-2008-3930 | 1 Debian | 1 Citadel Server | 2024-08-07 | N/A |
| migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2008-3946 | 1 Hp | 1 Openvms | 2024-08-07 | N/A |
| The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. | ||||
| CVE-2008-3931 | 1 R Foundation | 1 R | 2024-08-07 | N/A |
| javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2008-3929 | 1 Ampache | 1 Ampache | 2024-08-07 | N/A |
| gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file. | ||||
| CVE-2008-3927 | 1 Tiger | 1 Tiger | 2024-08-07 | N/A |
| genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2008-3928 | 1 Debian | 1 Honeyd Common | 2024-08-07 | N/A |
| test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2008-3883 | 1 Caudium | 1 Caudium | 2024-08-07 | N/A |
| configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file. | ||||
| CVE-2008-3791 | 1 Lxde | 1 Lightweight X11 Desktop Environment | 2024-08-07 | N/A |
| src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file. | ||||
| CVE-2008-3699 | 1 Amarok | 1 Amarok | 2024-08-07 | N/A |
| The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file. | ||||
| CVE-2008-3521 | 1 Jasper Project | 1 Jasper | 2024-08-07 | N/A |
| Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion. | ||||
| CVE-2008-3524 | 1 Redhat | 2 Fedora, Initscripts | 2024-08-07 | N/A |
| rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | ||||
| CVE-2008-3456 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-07 | N/A |
| phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. | ||||
| CVE-2008-3329 | 1 Twibright | 1 Links | 2024-08-07 | N/A |
| Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." | ||||
| CVE-2008-3261 | 1 Claroline | 1 Claroline | 2024-08-07 | N/A |
| Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | ||||
| CVE-2008-3227 | 1 Joomla | 1 Joomla | 2024-08-07 | N/A |
| Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. | ||||
| CVE-2008-3216 | 1 Debian | 1 Projectl | 2024-08-07 | N/A |
| The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2008-2266 | 2 Nzbget, Uudeview | 2 Nzbget, Uudeview | 2024-08-07 | N/A |
| uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression. | ||||