Search Results (1854 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0356 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-23 N/A
Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.
CVE-2009-0321 2 Apple, Microsoft 2 Safari, Windows 2026-04-23 N/A
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.
CVE-2009-0313 1 Kegel 1 Winetricks 2026-04-23 N/A
winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file.
CVE-2009-0032 2 Apple, Mandriva 4 Cups, Corporate Server, Linux and 1 more 2026-04-23 N/A
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
CVE-2008-7247 2 Mysql, Oracle 2 Mysql, Mysql 2026-04-23 N/A
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
CVE-2008-6760 1 Viart 1 Viart Shop 2026-04-23 N/A
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.
CVE-2008-6759 1 Viart 1 Viart Shop 2026-04-23 N/A
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message.
CVE-2008-6552 2 Fedoraproject, Redhat 7 Fedora, Cluster Project, Cman and 4 more 2026-04-23 N/A
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
CVE-2007-3919 3 Debian, Redhat, Xensource Inc 3 Debian Linux, Enterprise Linux, Xen 2026-04-23 N/A
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
CVE-2007-3916 1 Skk Openlab 1 Skk Tools 2026-04-23 N/A
The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete arbitrary files via a symlink attack on a skkdic$PID temporary file.
CVE-2007-3742 1 Apple 2 Iphone, Safari 2026-04-23 N/A
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.
CVE-2007-3103 2 Fedoraproject, Redhat 4 Fedora Core, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-23 N/A
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
CVE-2007-2978 1 Eggblog 1 Eggblog 2026-04-23 N/A
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-4975 1 Debian 1 Newsgate 2026-04-23 N/A
mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mmp##### temporary file.
CVE-2008-4954 1 Fumitoshi Ukai 1 Fml 2026-04-23 N/A
mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file.
CVE-2007-1027 1 Ibm 1 Db2 2026-04-23 N/A
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
CVE-2008-1901 1 Debian 1 Aptlinex 2026-04-23 N/A
aptlinex before 0.91 allows local users to overwrite arbitrary files via a symlink attack on the gambas-apt.lock temporary file.
CVE-2008-1832 1 Cecilia 1 Cecilia 2026-04-23 N/A
lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.
CVE-2006-5851 1 Openbase International Ltd 1 Openbase 2026-04-23 N/A
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
CVE-2007-4129 2 Fedoraproject, Redhat 2 Coolkey, Enterprise Linux 2026-04-23 N/A
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.