Search Results (8800 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0824 1 Freebsd 1 Point-to-point Protocol Daemon 2026-04-16 N/A
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
CVE-2002-0793 1 Blackberry 1 Qnx Neutrino Real-time Operating System 2026-04-16 5.5 Medium
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
CVE-2002-0725 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 5.5 Medium
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
CVE-2001-1556 1 Apache 1 Http Server 2026-04-16 3.3 Low
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
CVE-2001-1494 3 Avaya, Kernel, Redhat 8 Cvlan, Integrated Management Suit, Interactive Response and 5 more 2026-04-16 5.5 Medium
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
CVE-2001-1386 1 Texasimperialsoftware 1 Wftpd 2026-04-16 7.5 High
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
CVE-2001-1378 2 Fetchmail, Redhat 2 Fetchmail, Linux 2026-04-16 N/A
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
CVE-2000-0944 1 Cgi 1 Script Center News Update 2026-04-16 9.8 Critical
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
CVE-1999-0981 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
CVE-1999-0794 1 Microsoft 2 Excel, Office 2026-04-16 N/A
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
CVE-1999-0783 1 Freebsd 1 Freebsd 2026-04-16 5.5 Medium
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
CVE-1999-0013 1 Ssh 1 Ssh 2026-04-16 8.4 High
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
CVE-2005-2527 1 Sun 1 Java 2026-04-16 N/A
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
CVE-1999-1386 1 Perl 1 Perl 2026-04-16 5.5 Medium
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
CVE-2003-1233 1 Pedestalsoftware 1 Integrity Protection Driver 2026-04-16 9.8 Critical
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
CVE-2000-0342 1 Qualcomm 1 Eudora 2026-04-16 7.5 High
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
CVE-2000-1178 1 Joseph Allen 1 Joe 2026-04-16 5.5 Medium
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
CVE-2005-3126 1 Antiword 1 Antiword 2026-04-16 N/A
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.
CVE-2005-1880 1 Everybuddy 1 Everybuddy 2026-04-16 5.5 Medium
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2005-1879 1 Lutel 1 Lutelwall 2026-04-16 5.5 Medium
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.