Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2991 | 1 Ncompress | 1 Ncompress | 2025-04-03 | 5.0 Medium |
| ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970. | ||||
| CVE-2002-0824 | 1 Freebsd | 1 Point-to-point Protocol Daemon | 2025-04-03 | N/A |
| BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. | ||||
| CVE-2003-0517 | 1 Mgetty Project | 1 Mgetty | 2025-04-03 | 5.5 Medium |
| faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | ||||
| CVE-2000-1178 | 1 Joseph Allen | 1 Joe | 2025-04-03 | 5.5 Medium |
| Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. | ||||
| CVE-2005-3349 | 1 Gnu | 1 Gnump3d | 2025-04-03 | N/A |
| GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. | ||||
| CVE-2005-1880 | 1 Everybuddy | 1 Everybuddy | 2025-04-03 | 5.5 Medium |
| everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | ||||
| CVE-2005-0587 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 6.5 Medium |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | ||||
| CVE-2000-0342 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 7.5 High |
| Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." | ||||
| CVE-2002-2374 | 1 Sun | 1 Patchpro | 2025-04-03 | N/A |
| Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | ||||
| CVE-2006-1247 | 1 Ibm | 1 Aix | 2025-04-03 | N/A |
| rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2003-1528 | 1 Fujitsu | 1 Siemens Networker | 2025-04-03 | N/A |
| nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file. | ||||
| CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.5 Medium |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. | ||||
| CVE-2005-0004 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2025-04-03 | N/A |
| The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. | ||||
| CVE-2005-3011 | 2 Gnu, Redhat | 2 Texinfo, Enterprise Linux | 2025-04-03 | N/A |
| The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-0967 | 2 Aladdin Enterprises, Redhat | 2 Ghostscript, Enterprise Linux | 2025-04-03 | N/A |
| The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. | ||||
| CVE-2004-0217 | 2 Redhat, Symantec | 2 Linux, Antivirus Scan Engine | 2025-04-03 | 7.0 High |
| The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | ||||
| CVE-2004-0689 | 3 Debian, Kde, Redhat | 3 Debian Linux, Kde, Enterprise Linux | 2025-04-03 | 7.1 High |
| KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | ||||
| CVE-2002-0725 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.5 Medium |
| NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. | ||||
| CVE-2005-1111 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Cpio and 1 more | 2025-04-03 | 4.7 Medium |
| Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | ||||
| CVE-2004-1603 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 5.5 Medium |
| cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | ||||