| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1151 |
CVE-2002-1508 |
|
|
|
2003-02-19 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. |
|
1152 |
CVE-2002-0760 |
|
|
|
2002-08-12 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. |
|
1153 |
CVE-2002-0435 |
|
|
|
2002-07-26 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. |
|
1154 |
CVE-2002-0415 |
|
|
Dir. Trav. |
2002-08-12 |
2008-09-05 |
1.7 |
None |
Local |
Low |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275. |
|
1155 |
CVE-2002-0296 |
|
|
|
2002-05-31 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. |
|
1156 |
CVE-2002-0271 |
|
|
|
2002-05-29 |
2016-10-18 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files. |
|
1157 |
CVE-2002-0141 |
|
|
|
2002-03-25 |
2008-11-04 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file. |
|
1158 |
CVE-2001-1346 |
|
|
|
2001-05-18 |
2021-04-07 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp. |
|
1159 |
CVE-2001-1333 |
|
|
|
2001-05-10 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. |
|
1160 |
CVE-2001-1331 |
|
|
|
2001-05-03 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. |
|
1161 |
CVE-2001-1301 |
|
|
|
2001-08-07 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. |
|
1162 |
CVE-2001-1276 |
|
|
|
2001-06-21 |
2016-10-18 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. |
|
1163 |
CVE-2001-1256 |
|
|
|
2001-06-11 |
2017-12-19 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. |
|
1164 |
CVE-2001-1146 |
|
|
|
2001-07-11 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. |
|
1165 |
CVE-2001-1047 |
|
|
DoS |
2001-06-02 |
2017-12-19 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. |
|
1166 |
CVE-2001-0887 |
|
|
|
2002-01-15 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files. |
|
1167 |
CVE-2001-0222 |
|
|
|
2001-03-26 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. |
|
1168 |
CVE-2001-0143 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. |
|
1169 |
CVE-2001-0142 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
|
1170 |
CVE-2001-0141 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
|
1171 |
CVE-2001-0140 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
|
1172 |
CVE-2001-0139 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
|
1173 |
CVE-2001-0138 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. |
|
1174 |
CVE-2001-0132 |
|
|
|
2001-03-12 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack. |
|
1175 |
CVE-2001-0125 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. |
|
1176 |
CVE-2001-0120 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. |
|
1177 |
CVE-2001-0119 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. |
|
1178 |
CVE-2001-0118 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. |
|
1179 |
CVE-2001-0117 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. |
|
1180 |
CVE-2001-0116 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack. |
|
1181 |
CVE-2001-0109 |
|
|
|
2001-03-12 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file. |
|
1182 |
CVE-2001-0095 |
|
|
|
2001-02-12 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file. |
|
1183 |
CVE-2001-0036 |
|
|
|
2001-02-16 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file. |
|
1184 |
CVE-2000-1045 |
|
|
DoS |
2000-12-11 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests. |
|
1185 |
CVE-2000-0959 |
|
|
|
2000-12-19 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. |
|
1186 |
CVE-2000-0890 |
|
|
|
2001-02-16 |
2018-05-03 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. |
|
1187 |
CVE-2000-0723 |
|
|
|
2000-10-20 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config. |
|
1188 |
CVE-2000-0718 |
|
|
|
2000-10-20 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. |
|
1189 |
CVE-2000-0371 |
|
|
|
1999-03-01 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. |
|
1190 |
CVE-2000-0224 |
|
|
+Priv |
2000-02-15 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. |
|
1191 |
CVE-2000-0210 |
|
|
|
2000-02-21 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. |
|
1192 |
CVE-2000-0154 |
|
|
|
2000-02-16 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. |
|
1193 |
CVE-1999-1486 |
|
|
|
1998-02-25 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack. |
|
1194 |
CVE-1999-1480 |
|
|
|
1998-06-11 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack. |
|
1195 |
CVE-1999-1042 |
|
|
|
1999-12-31 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings. |
|
1196 |
CVE-1999-0475 |
|
|
|
1999-04-05 |
2008-09-09 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. |
|
1197 |
CVE-1999-0371 |
|
|
|
1999-02-11 |
2008-09-09 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Lynx allows a local user to overwrite sensitive files through /tmp symlinks. |
|
1198 |
CVE-1999-0078 |
|
|
Exec Code |
1996-04-18 |
2018-10-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
