CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13101 CVE-2008-5153 59 2008-11-18 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
13102 CVE-2008-5152 59 2008-11-18 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.
13103 CVE-2008-5151 59 2008-11-18 2008-11-18
6.9
None Local Medium Not required Complete Complete Complete
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.
13104 CVE-2008-5150 59 2008-11-18 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.
13105 CVE-2008-5149 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.
13106 CVE-2008-5148 59 2008-11-18 2008-12-03
6.9
None Local Medium Not required Complete Complete Complete
sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.
13107 CVE-2008-5147 59 2008-11-18 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.
13108 CVE-2008-5146 59 2008-11-18 2008-11-18
6.9
None Local Medium Not required Complete Complete Complete
add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.
13109 CVE-2008-5145 59 2008-11-18 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.
13110 CVE-2008-5144 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.
13111 CVE-2008-5143 59 2008-11-18 2008-12-03
6.9
None Local Medium Not required Complete Complete Complete
mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file.
13112 CVE-2008-5142 59 2008-11-18 2012-10-30
6.9
None Local Medium Not required Complete Complete Complete
sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.
13113 CVE-2008-5141 59 2008-11-18 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.
13114 CVE-2008-5140 59 2008-11-18 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
13115 CVE-2008-5139 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.
13116 CVE-2008-5138 59 2008-11-18 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.
13117 CVE-2008-5137 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.
13118 CVE-2008-5136 59 2008-11-18 2009-02-17
6.9
Admin Local Medium Not required Complete Complete Complete
tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.
13119 CVE-2008-5135 59 2008-11-18 2008-11-18
6.2
None Local High Not required Complete Complete Complete
** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users."
13120 CVE-2008-5125 287 Bypass 2008-11-17 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
13121 CVE-2008-5123 89 Exec Code Sql 2008-11-17 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
13122 CVE-2008-5117 20 2008-11-17 2017-08-07
6.4
None Remote Low Not required None Partial Partial
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
13123 CVE-2008-5115 352 CSRF 2008-11-17 2018-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
13124 CVE-2008-5108 94 2008-11-17 2012-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors.
13125 CVE-2008-5082 287 Bypass 2009-01-30 2017-08-07
6.0
User Remote Medium Single system Partial Partial Partial
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.
13126 CVE-2008-5078 119 Exec Code Overflow 2008-12-19 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.
13127 CVE-2008-5075 89 Exec Code Sql 2008-11-14 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.
13128 CVE-2008-5034 59 2008-11-10 2008-11-11
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'.
13129 CVE-2008-5028 352 Exec Code CSRF 2008-11-10 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
13130 CVE-2008-5027 264 Bypass 2008-11-10 2016-12-07
6.5
User Remote Low Single system Partial Partial Partial
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
13131 CVE-2008-5007 59 2008-11-10 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.
13132 CVE-2008-5000 89 Exec Code Sql 2008-11-10 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
13133 CVE-2008-4998 59 2008-11-07 2008-11-10
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."
13134 CVE-2008-4997 59 2008-11-07 2008-11-10
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage."
13135 CVE-2008-4996 59 2008-11-07 2008-11-10
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable."
13136 CVE-2008-4995 59 2008-11-07 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default.
13137 CVE-2008-4994 59 2008-11-07 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.
13138 CVE-2008-4993 59 2008-11-07 2017-09-28
6.9
None Local Medium Not required Complete Complete Complete
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
13139 CVE-2008-4990 59 2009-02-02 2018-10-11
6.9
Admin Local Medium Not required Complete Complete Complete
Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.
13140 CVE-2008-4988 59 2008-11-06 2008-11-06
6.9
None Local Medium Not required Complete Complete Complete
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.
13141 CVE-2008-4987 59 2008-11-06 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.
13142 CVE-2008-4986 59 2008-11-06 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.
13143 CVE-2008-4985 59 2008-11-06 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file.
13144 CVE-2008-4984 59 2008-11-06 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts.
13145 CVE-2008-4983 59 2008-11-06 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.
13146 CVE-2008-4982 59 2008-11-06 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.
13147 CVE-2008-4981 59 2008-11-06 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file.
13148 CVE-2008-4980 59 2008-11-06 2009-09-15
6.9
None Local Medium Not required Complete Complete Complete
delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file.
13149 CVE-2008-4979 59 2008-11-06 2009-09-15
6.9
None Local Medium Not required Complete Complete Complete
getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files.
13150 CVE-2008-4978 59 2008-11-06 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.