| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1423 |
59 |
|
+Info |
2013-03-13 |
2013-03-19 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files. |
|
2 |
CVE-2013-0927 |
59 |
|
Bypass |
2013-04-10 |
2013-04-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data. |
|
3 |
CVE-2013-0200 |
59 |
|
|
2013-03-06 |
2013-03-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. |
|
4 |
CVE-2012-6348 |
59 |
|
+Priv |
2013-01-04 |
2013-01-08 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file. |
|
5 |
CVE-2012-5564 |
59 |
|
|
2013-02-14 |
2013-02-19 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log. |
|
6 |
CVE-2012-5355 |
59 |
|
|
2012-10-10 |
2013-02-13 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. |
|
7 |
CVE-2012-5303 |
59 |
|
|
2012-10-05 |
2013-01-25 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. |
|
8 |
CVE-2012-4676 |
59 |
|
|
2012-08-26 |
2012-08-27 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. |
|
9 |
CVE-2012-4455 |
59 |
|
|
2012-10-10 |
2013-04-10 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. |
|
10 |
CVE-2012-3440 |
59 |
|
|
2012-08-08 |
2012-08-08 |
5.6 |
None |
Local |
High |
Not required |
None |
Complete |
Complete |
|
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. |
|
11 |
CVE-2012-3345 |
59 |
|
|
2012-06-15 |
2012-06-15 |
5.6 |
None |
Local |
High |
Not required |
None |
Complete |
Complete |
|
ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file. |
|
12 |
CVE-2012-3329 |
59 |
|
|
2012-12-19 |
2013-01-29 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file. |
|
13 |
CVE-2012-2103 |
59 |
|
|
2012-08-26 |
2013-04-18 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. |
|
14 |
CVE-2012-2093 |
59 |
|
|
2012-05-18 |
2013-04-18 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. |
|
15 |
CVE-2012-0808 |
59 |
|
|
2012-03-19 |
2012-09-04 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack. |
|
16 |
CVE-2012-0054 |
59 |
|
|
2012-03-19 |
2012-08-03 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat. |
|
17 |
CVE-2011-5146 |
59 |
|
|
2012-08-31 |
2012-09-05 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot. |
|
18 |
CVE-2011-4617 |
59 |
|
|
2011-12-30 |
2012-01-31 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. |
|
19 |
CVE-2011-4363 |
59 |
|
|
2012-10-07 |
2012-10-08 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS. |
|
20 |
CVE-2011-4105 |
59 |
|
|
2012-02-17 |
2012-02-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. |
|
21 |
CVE-2011-4060 |
59 |
|
|
2011-10-17 |
2012-02-13 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The runtime linker in QNX Neutrino RTOS 6.5.0 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. |
|
22 |
CVE-2011-4028 |
59 |
|
|
2012-07-03 |
2012-07-17 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. |
|
23 |
CVE-2011-3870 |
59 |
|
|
2011-10-27 |
2012-05-13 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. |
|
24 |
CVE-2011-3869 |
59 |
|
|
2011-10-27 |
2012-05-13 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. |
|
25 |
CVE-2011-3616 |
59 |
|
|
2011-11-04 |
2012-03-12 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. |
|
26 |
CVE-2011-3204 |
59 |
|
|
2011-09-06 |
2011-09-22 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. |
|
27 |
CVE-2011-2722 |
59 |
|
|
2012-05-25 |
2013-02-06 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. |
|
28 |
CVE-2011-2533 |
59 |
|
|
2011-06-22 |
2011-11-21 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. |
|
29 |
CVE-2011-2473 |
59 |
|
|
2011-06-09 |
2011-09-06 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. |
|
30 |
CVE-2011-2185 |
59 |
|
|
2011-07-26 |
2011-08-02 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/. |
|
31 |
CVE-2011-1920 |
59 |
|
|
2011-05-23 |
2011-05-24 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. |
|
32 |
CVE-2011-1384 |
59 |
|
|
2012-01-03 |
2012-01-04 |
4.0 |
None |
Local |
High |
Not required |
None |
Complete |
None |
|
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. |
|
33 |
CVE-2011-1144 |
59 |
|
|
2011-03-02 |
2011-03-10 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. |
|
34 |
CVE-2011-1073 |
59 |
|
|
2011-03-04 |
2011-09-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. |
|
35 |
CVE-2011-1072 |
59 |
|
|
2011-03-02 |
2012-01-18 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. |
|
36 |
CVE-2011-1031 |
59 |
|
|
2011-02-14 |
2011-05-27 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702. |
|
37 |
CVE-2011-1004 |
59 |
|
|
2011-03-02 |
2012-05-11 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack. |
|
38 |
CVE-2011-0754 |
59 |
|
|
2011-02-02 |
2011-07-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. |
|
39 |
CVE-2011-0727 |
59 |
|
|
2011-03-31 |
2011-04-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. |
|
40 |
CVE-2011-0702 |
59 |
|
|
2011-02-14 |
2011-02-15 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file. |
|
41 |
CVE-2011-0541 |
59 |
|
|
2011-09-02 |
2012-03-13 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. |
|
42 |
CVE-2011-0461 |
59 |
|
|
2011-04-04 |
2011-04-05 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. |
|
43 |
CVE-2011-0441 |
59 |
|
|
2011-03-29 |
2011-04-20 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. |
|
44 |
CVE-2011-0402 |
59 |
|
|
2011-01-10 |
2011-02-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. |
|
45 |
CVE-2011-0017 |
59 |
|
|
2011-02-01 |
2011-03-01 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. |
|
46 |
CVE-2011-0012 |
59 |
|
|
2011-04-18 |
2011-04-18 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. |
|
47 |
CVE-2011-0007 |
59 |
|
|
2011-01-10 |
2011-01-20 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. |
|
48 |
CVE-2010-4338 |
59 |
|
|
2011-01-20 |
2011-03-31 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine. |
|
49 |
CVE-2010-4337 |
59 |
|
|
2011-01-14 |
2012-06-18 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. |
|
50 |
CVE-2010-4173 |
59 |
|
|
2010-11-22 |
2010-11-30 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file. |
