ReportizFlow
Filtered by vendor
Subscriptions
Total
1452 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1043 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 7.5 High |
| ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | ||||
| CVE-2005-0587 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 6.5 Medium |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | ||||
| CVE-2005-0004 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2025-04-03 | N/A |
| The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. | ||||
| CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | N/A |
| Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | ||||
| CVE-2004-2473 | 1 Wmfrog | 1 Wmfrog | 2025-04-03 | N/A |
| wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-1999-1386 | 1 Perl | 1 Perl | 2025-04-03 | 5.5 Medium |
| Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. | ||||
| CVE-2005-1879 | 1 Lutel | 1 Lutelwall | 2025-04-03 | 5.5 Medium |
| LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | ||||
| CVE-2000-0342 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 7.5 High |
| Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." | ||||
| CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 2.9 Low |
| htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2001-1378 | 2 Fetchmail, Redhat | 2 Fetchmail, Linux | 2025-04-03 | N/A |
| fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. | ||||
| CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.5 Medium |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. | ||||
| CVE-2002-2382 | 1 Cvsup | 1 Cvsup | 2025-04-03 | N/A |
| cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out. | ||||
| CVE-2004-0967 | 2 Aladdin Enterprises, Redhat | 2 Ghostscript, Enterprise Linux | 2025-04-03 | N/A |
| The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. | ||||
| CVE-2005-1916 | 2 Debian, Ekg Project | 2 Debian Linux, Ekg | 2025-04-03 | 5.5 Medium |
| linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-1603 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 5.5 Medium |
| cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | ||||
| CVE-2020-36657 | 1 Uptimed Project | 1 Uptimed | 2025-04-02 | 7.8 High |
| uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call. | ||||
| CVE-2024-36306 | 1 Trendmicro | 1 Apex One | 2025-03-28 | 6.1 Medium |
| A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-42291 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2025-03-25 | 8.2 High |
| NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. | ||||
| CVE-2022-42292 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2025-03-25 | 5 Medium |
| NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. | ||||
| CVE-2023-24572 | 1 Dell | 1 Command \| Integration Suite For System Center | 2025-03-21 | 4.7 Medium |
| Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | ||||