Total
1181 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6762 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. | |||||
| CVE-2008-6760 | 1 Viart | 1 Viart Shop | 2024-11-21 | 4.3 MEDIUM | N/A |
| ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter. | |||||
| CVE-2008-6759 | 1 Viart | 1 Viart Shop | 2024-11-21 | 4.3 MEDIUM | N/A |
| ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message. | |||||
| CVE-2008-6552 | 2 Fedoraproject, Redhat | 5 Fedora, Cluster Project, Cman and 2 more | 2024-11-21 | 6.9 MEDIUM | N/A |
| Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | |||||
| CVE-2008-6398 | 1 Eric Raymond | 1 Sng | 2024-11-21 | 6.9 MEDIUM | N/A |
| sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. | |||||
| CVE-2008-6397 | 1 Alcovebook | 1 Sgml2x | 2024-11-21 | 4.4 MEDIUM | N/A |
| rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2008-5825 | 1 Nokia | 1 6131 Nfc | 2024-11-21 | 2.6 LOW | N/A |
| The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone. | |||||
| CVE-2008-5746 | 1 Sun | 2 Snmp Management Agent, Solaris | 2024-11-21 | 6.9 MEDIUM | N/A |
| Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files. | |||||
| CVE-2008-5743 | 1 Pdfjam | 1 Pdfjam | 2024-11-21 | 6.9 MEDIUM | N/A |
| pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2008-5742 | 1 Netcat | 1 Netcat | 2024-11-21 | 4.0 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure. | |||||
| CVE-2008-5706 | 1 Verlihub-project | 1 Verlihub | 2024-11-21 | 6.9 MEDIUM | N/A |
| The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file. | |||||
| CVE-2008-5704 | 1 Gpsdrive | 1 Gpsdrive | 2024-11-21 | 7.6 HIGH | N/A |
| src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380. | |||||
| CVE-2008-5703 | 1 Gpsdrive | 1 Gpsdrive | 2024-11-21 | 6.2 MEDIUM | N/A |
| gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380. | |||||
| CVE-2008-5394 | 1 Debian | 1 Shadow | 2024-11-21 | 7.2 HIGH | N/A |
| /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. | |||||
| CVE-2008-5380 | 1 Gpsdrive | 1 Gpsdrive | 2024-11-21 | 6.9 MEDIUM | N/A |
| gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959. | |||||
| CVE-2008-5379 | 1 Oliver Gorwits | 1 Netdisco Mibs Installer | 2024-11-21 | 6.9 MEDIUM | N/A |
| netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. | |||||
| CVE-2008-5378 | 1 Lehrstuhl Fur Mikrobiologie | 1 Arb | 2024-11-21 | 6.9 MEDIUM | N/A |
| arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. | |||||
| CVE-2008-5377 | 1 Apple | 1 Cups | 2024-11-21 | 6.9 MEDIUM | N/A |
| pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | |||||
| CVE-2008-5376 | 1 Crip | 1 Crip | 2024-11-21 | 6.9 MEDIUM | N/A |
| editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. | |||||
| CVE-2008-5375 | 1 Cmus | 1 Cmus | 2024-11-21 | 6.9 MEDIUM | N/A |
| cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. | |||||