Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-5746

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Dec, 2008 | 15:00
Updated At-07 Aug, 2024 | 11:04
Rejected At-
Credits

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Dec, 2008 | 15:00
Updated At:07 Aug, 2024 | 11:04
Rejected At:
▼CVE Numbering Authority (CNA)

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/33014
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id?1021496
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/33328
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
vdb-entry
x_refsource_XF
http://osvdb.org/50987
vdb-entry
x_refsource_OSVDB
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.securityfocus.com/bid/33014
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id?1021496
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/33328
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://osvdb.org/50987
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
Resource:
vendor-advisory
x_refsource_SUNALERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/33014
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id?1021496
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/33328
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
vdb-entry
x_refsource_XF
x_transferred
http://osvdb.org/50987
vdb-entry
x_refsource_OSVDB
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/33014
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021496
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/33328
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://osvdb.org/50987
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Dec, 2008 | 15:24
Updated At:08 Aug, 2017 | 01:33

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Sun Microsystems (Oracle Corporation)
sun
>>snmp_management_agent>>1.4
cpe:2.3:a:sun:snmp_management_agent:1.4:update_2:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>snmp_management_agent>>1.5.3
cpe:2.3:a:sun:snmp_management_agent:1.5.3:*:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>snmp_management_agent>>1.5.4
cpe:2.3:a:sun:snmp_management_agent:1.5.4:*:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>solaris>>8
cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>solaris>>9
cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>solaris>>10
cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
Evaluator Description
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1 This issue can occur in the following releases: SPARC Platform * Sun SNMP Management Agent "SUNWmasf" 1.4u2 thru 1.5.4 (For Solaris 8, 9 and 10)
Evaluator Impact

Evaluator Solution

http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1 This issue is addressed in the following release: SPARC Platform * Sun SNMP Management Agent ("SUNWmasf") 1.5.5 or later (For Solaris 8, 9 and 10) Sun SNMP Management Agent is available for download at http://www.sun.com/download/

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/50987cve@mitre.org
N/A
http://secunia.com/advisories/33328cve@mitre.org
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/33014cve@mitre.org
N/A
http://www.securitytracker.com/id?1021496cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/47619cve@mitre.org
N/A
Hyperlink: http://osvdb.org/50987
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33328
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/33014
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021496
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

175Records found
CVE-2008-5743
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-26 Dec, 2008 | 21:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.

Action-Not Available
Vendor-pdfjamn/a
Product-pdfjamn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4935
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.

Action-Not Available
Vendor-amigan/a
Product-aviewn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5373
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 10.04%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-16 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.

Action-Not Available
Vendor-baculan/a
Product-baculan/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files.

Action-Not Available
Vendor-shrubberyn/a
Product-rancidn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.35%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.

Action-Not Available
Vendor-tkmann/a
Product-tkmann/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5706
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.24% / 47.53%
||
7 Day CHG~0.00%
Published-22 Dec, 2008 | 15:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.

Action-Not Available
Vendor-verlihub-projectn/a
Product-verlihubn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5370
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 6.33%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.

Action-Not Available
Vendor-pvpgnn/a
Product-pvpgnn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.49%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts.

Action-Not Available
Vendor-aegisn/a
Product-aegis-webaegisn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4965
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files.

Action-Not Available
Vendor-savonetn/a
Product-liguidsoapn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts.

Action-Not Available
Vendor-manoj_srivastavan/a
Product-distn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.57%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-16 Sep, 2024 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts.

Action-Not Available
Vendor-igluesn/a
Product-bulmages-serversn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5375
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.57%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.

Action-Not Available
Vendor-cmusn/a
Product-cmusn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 26.19%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.

Action-Not Available
Vendor-gpsdriven/a
Product-gpsdriven/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4953
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.

Action-Not Available
Vendor-fireholn/a
Product-fireholn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 5.96%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.

Action-Not Available
Vendor-lazarusn/a
Product-lazarusn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 25.43%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 16:00
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'

Action-Not Available
Vendor-a_mennucc1n/a
Product-printfilters-ppdn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_*, (b) /tmp/arb_pids_*, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to the (1) arb_fastdnaml and (2) dszmconnect.pl scripts.

Action-Not Available
Vendor-arb_projectn/a
Product-arb-commonn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4952
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.57%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.

Action-Not Available
Vendor-emacsn/a
Product-emacs-jabbern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4983
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.

Action-Not Available
Vendor-scilabn/a
Product-scilab-binn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-mailscannern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.17%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-17 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-initramfs-toolsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.17%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, and (8) ogle_vout_debug scripts.

Action-Not Available
Vendor-alan_woodlandn/a
Product-ogle-mmxoglen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4993
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.58%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4936
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.73%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.

Action-Not Available
Vendor-gert_doeringn/a
Product-mgettyn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 25.43%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage.

Action-Not Available
Vendor-pilot-qofn/a
Product-datafreedom-perln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5299
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 5.32%
||
7 Day CHG~0.00%
Published-01 Dec, 2008 | 15:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.

Action-Not Available
Vendor-karakas-onlinen/a
Product-chm2pdfn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files.

Action-Not Available
Vendor-netmrgn/a
Product-netmrgn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts.

Action-Not Available
Vendor-openswann/a
Product-linux-patch-openswann/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4969
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.57%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts.

Action-Not Available
Vendor-alastair_mckinstryn/a
Product-ltp-network-testn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4946
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.57%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/.

Action-Not Available
Vendor-convirturen/a
Product-convirtn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cccp_tmp.txt temporary file.

Action-Not Available
Vendor-zak_b_elepn/a
Product-rccpn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5376
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 6.33%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.

Action-Not Available
Vendor-cripn/a
Product-cripn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5372
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 6.33%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file.

Action-Not Available
Vendor-jonas_smedegaardn/a
Product-sdm-terminaln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.

Action-Not Available
Vendor-lustren/a
Product-lustre-testsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 6.33%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.

Action-Not Available
Vendor-marco_d\'itrin/a
Product-pppn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.57%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.

Action-Not Available
Vendor-javier_fernandezn/a
Product-jailern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4994
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.

Action-Not Available
Vendor-ti_kann/a
Product-xmcdn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.38%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts.

Action-Not Available
Vendor-n/afreedesktop.org
Product-scratchbox2n/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4985
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.66%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file.

Action-Not Available
Vendor-cadsoftn/a
Product-vdrn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.57%
||
7 Day CHG~0.00%
Published-02 Feb, 2009 | 22:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.

Action-Not Available
Vendor-enomalyn/a
Product-elastic_computing_platformn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4960
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.

Action-Not Available
Vendor-dov_grobgeldn/a
Product-impose\+n/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4959
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 18.54%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files.

Action-Not Available
Vendor-gpsdriven/a
Product-gpsdrive-scriptsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 5.99%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.

Action-Not Available
Vendor-krzysztof_kozlowskin/a
Product-konwertn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 6.00%
||
7 Day CHG~0.00%
Published-07 Oct, 2008 | 21:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

Action-Not Available
Vendor-sympan/a
Product-sympan/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.13% / 32.75%
||
7 Day CHG~0.00%
Published-29 Sep, 2008 | 17:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-cmann/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-3928
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.96%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-honeyd_commonn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2007-4998
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.10% / 26.67%
||
7 Day CHG~0.00%
Published-31 Jan, 2008 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-3930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.38%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-citadel_servern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 6.33%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.

Action-Not Available
Vendor-marc_gloorn/a
Product-screenien/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found