Filtered by CWE-59
Filtered by vendor Subscriptions
Total 1234 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-3919 3 Debian, Redhat, Xensource Inc 3 Debian Linux, Enterprise Linux, Xen 2024-11-21 N/A
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
CVE-2007-3916 1 Skk Openlab 1 Skk Tools 2024-11-21 N/A
The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete arbitrary files via a symlink attack on a skkdic$PID temporary file.
CVE-2007-3742 1 Apple 2 Iphone, Safari 2024-11-21 N/A
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.
CVE-2007-3103 2 Fedoraproject, Redhat 4 Fedora Core, Enterprise Linux, Enterprise Linux Desktop and 1 more 2024-11-21 N/A
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
CVE-2007-2978 1 Eggblog 1 Eggblog 2024-11-21 N/A
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2007-1027 1 Ibm 1 Db2 2024-11-21 N/A
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
CVE-2006-5851 1 Openbase International Ltd 1 Openbase 2024-11-21 N/A
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
CVE-2006-1247 1 Ibm 1 Aix 2024-11-21 N/A
rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-3349 1 Gnu 1 Gnump3d 2024-11-21 N/A
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
CVE-2005-3126 1 Antiword 1 Antiword 2024-11-21 N/A
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.
CVE-2005-3011 2 Gnu, Redhat 2 Texinfo, Enterprise Linux 2024-11-21 N/A
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-2991 1 Ncompress 1 Ncompress 2024-11-21 5.0 Medium
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
CVE-2005-2714 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
CVE-2005-2527 1 Sun 1 Java 2024-11-21 N/A
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
CVE-2005-1916 2 Debian, Ekg Project 2 Debian Linux, Ekg 2024-11-21 5.5 Medium
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
CVE-2005-1880 1 Everybuddy 1 Everybuddy 2024-11-21 5.5 Medium
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2005-1879 1 Lutel 1 Lutelwall 2024-11-21 5.5 Medium
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2005-1111 4 Canonical, Debian, Gnu and 1 more 4 Ubuntu Linux, Debian Linux, Cpio and 1 more 2024-11-21 4.7 Medium
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2005-0824 1 Mathopd 1 Mathopd 2024-11-21 5.5 Medium
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
CVE-2005-0587 1 Mozilla 2 Firefox, Mozilla 2024-11-21 6.5 Medium
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.