| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-4973 | 0.00 | — | 0.00 | Nov 6, 2008 | i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files. | |||
| CVE-2008-4972 | 0.00 | — | 0.00 | Nov 6, 2008 | mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file. | |||
| CVE-2008-4971 | 0.00 | — | 0.00 | Nov 6, 2008 | mafft-homologs in mafft 6.240 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/_vf#?????, (2) /tmp/_if#?????, (3) /tmp/_pf#?????, (4) /tmp/_af#?????, (5) /tmp/_rid#?????, (6) /tmp/_res#?????, (7) /tmp/_q#?????, and (8) /tmp/_bf#????? temporary… | |||
| CVE-2008-4970 | 0.00 | — | 0.00 | Nov 6, 2008 | runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file. | |||
| CVE-2008-4969 | 0.00 | — | 0.00 | Nov 6, 2008 | ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h)… | |||
| CVE-2008-4968 | 0.00 | — | 0.00 | Nov 6, 2008 | The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file. | |||
| CVE-2008-4967 | 0.00 | — | 0.00 | Nov 6, 2008 | linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts. | |||
| CVE-2008-4966 | 0.00 | — | 0.00 | Nov 6, 2008 | linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts. | |||
| CVE-2008-4965 | 0.00 | — | 0.00 | Nov 6, 2008 | liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files. | |||
| CVE-2008-4964 | 0.00 | — | 0.00 | Nov 6, 2008 | filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file. | |||
| CVE-2008-4963 | 0.00 | — | 0.02 | Nov 6, 2008 | Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface… | |||
| CVE-2008-4395 | 0.00 | — | 0.02 | Nov 6, 2008 | Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. | |||
| CVE-2008-4960 | 0.00 | — | 0.00 | Nov 5, 2008 | impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files. | |||
| CVE-2008-4959 | 0.00 | — | 0.00 | Nov 5, 2008 | geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files. | |||
| CVE-2008-4958 | 0.00 | — | 0.00 | Nov 5, 2008 | gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file. | |||
| CVE-2008-4957 | 0.00 | — | 0.00 | Nov 5, 2008 | find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file. | |||
| CVE-2008-4956 | 0.00 | — | 0.00 | Nov 5, 2008 | fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file. | |||
| CVE-2008-4955 | 0.00 | — | 0.00 | Nov 5, 2008 | freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is… | |||
| CVE-2008-4954 | 0.00 | — | 0.00 | Nov 5, 2008 | mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file. | |||
| CVE-2008-4953 | 0.00 | — | 0.00 | Nov 5, 2008 | firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create… | |||
| CVE-2008-4952 | 0.00 | — | 0.00 | Nov 5, 2008 | emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file. | |||
| CVE-2008-4951 | 0.00 | — | 0.00 | Nov 5, 2008 | dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts. | |||
| CVE-2008-4950 | 0.00 | — | 0.00 | Nov 5, 2008 | gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific… | |||
| CVE-2008-4949 | 0.00 | — | 0.00 | Nov 5, 2008 | dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts. | |||
| CVE-2008-4948 | 0.00 | — | 0.00 | Nov 5, 2008 | fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddj_fest.tmp temporary file. | |||
| CVE-2008-4947 | 0.00 | — | 0.00 | Nov 5, 2008 | dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file. | |||
| CVE-2008-4946 | 0.00 | — | 0.00 | Nov 5, 2008 | convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5)… | |||
| CVE-2008-4945 | 0.00 | — | 0.00 | Nov 5, 2008 | amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory. | |||
| CVE-2008-4944 | 0.00 | — | 0.00 | Nov 5, 2008 | writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files. | |||
| CVE-2008-4943 | 0.00 | — | 0.00 | Nov 5, 2008 | bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4)… | |||
| CVE-2008-4942 | 0.00 | — | 0.00 | Nov 5, 2008 | audiolink in audiolink 0.05 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/audiolink.db.tmp and (2) /tmp/audiolink.tb.tmp temporary files. | |||
| CVE-2008-4941 | 0.00 | — | 0.00 | Nov 5, 2008 | arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_*, (b) /tmp/arb_pids_*, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to the (1) arb_fastdnaml and (2) dszmconnect.pl scripts. | |||
| CVE-2008-4940 | 0.00 | — | 0.00 | Nov 5, 2008 | xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file. | |||
| CVE-2008-4939 | 0.00 | — | 0.00 | Nov 5, 2008 | apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h)… | |||
| CVE-2008-4938 | 0.00 | — | 0.00 | Nov 5, 2008 | aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h)… | |||
| CVE-2008-4937 | 0.00 | — | 0.00 | Nov 5, 2008 | senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file. | |||
| CVE-2008-4936 | 0.00 | — | 0.00 | Nov 5, 2008 | faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file. | |||
| CVE-2008-4935 | 0.00 | — | 0.00 | Nov 5, 2008 | asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file. | |||
| CVE-2008-4934 | 0.00 | — | 0.03 | Nov 5, 2008 | The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted… | |||
| CVE-2008-4933 | 0.00 | — | 0.03 | Nov 5, 2008 | Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to… | |||
| CVE-2008-4932 | 0.03 | — | 0.06 | Nov 5, 2008 | webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a… | |||
| CVE-2008-4931 | 0.03 | — | 0.01 | Nov 5, 2008 | Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | |||
| CVE-2008-4817 | 0.01 | — | 0.09 | Nov 5, 2008 | The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. | |||
| CVE-2008-4816 | 0.00 | — | 0.02 | Nov 5, 2008 | Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. | |||
| CVE-2008-4815 | 0.01 | — | 0.08 | Nov 5, 2008 | Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. | |||
| CVE-2008-4814 | 0.01 | — | 0.12 | Nov 5, 2008 | Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue." | |||
| CVE-2008-4813 | 0.01 | — | 0.10 | Nov 5, 2008 | Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a… | |||
| CVE-2008-4812 | 0.01 | — | 0.09 | Nov 5, 2008 | Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts. | |||
| CVE-2008-3527 | 0.00 | — | 0.00 | Nov 5, 2008 | arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the… | |||
| CVE-2008-4930 | 0.00 | — | 0.01 | Nov 4, 2008 | MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection… |
- CVE-2008-4973Nov 6, 2008risk 0.00cvss —epss 0.00
i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files.
- CVE-2008-4972Nov 6, 2008risk 0.00cvss —epss 0.00
mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file.
- CVE-2008-4971Nov 6, 2008risk 0.00cvss —epss 0.00
mafft-homologs in mafft 6.240 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/_vf#?????, (2) /tmp/_if#?????, (3) /tmp/_pf#?????, (4) /tmp/_af#?????, (5) /tmp/_rid#?????, (6) /tmp/_res#?????, (7) /tmp/_q#?????, and (8) /tmp/_bf#????? temporary…
- CVE-2008-4970Nov 6, 2008risk 0.00cvss —epss 0.00
runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.
- CVE-2008-4969Nov 6, 2008risk 0.00cvss —epss 0.00
ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h)…
- CVE-2008-4968Nov 6, 2008risk 0.00cvss —epss 0.00
The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file.
- CVE-2008-4967Nov 6, 2008risk 0.00cvss —epss 0.00
linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts.
- CVE-2008-4966Nov 6, 2008risk 0.00cvss —epss 0.00
linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts.
- CVE-2008-4965Nov 6, 2008risk 0.00cvss —epss 0.00
liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files.
- CVE-2008-4964Nov 6, 2008risk 0.00cvss —epss 0.00
filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.
- CVE-2008-4963Nov 6, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface…
- CVE-2008-4395Nov 6, 2008risk 0.00cvss —epss 0.02
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
- CVE-2008-4960Nov 5, 2008risk 0.00cvss —epss 0.00
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.
- CVE-2008-4959Nov 5, 2008risk 0.00cvss —epss 0.00
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files.
- CVE-2008-4958Nov 5, 2008risk 0.00cvss —epss 0.00
gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file.
- CVE-2008-4957Nov 5, 2008risk 0.00cvss —epss 0.00
find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.
- CVE-2008-4956Nov 5, 2008risk 0.00cvss —epss 0.00
fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file.
- CVE-2008-4955Nov 5, 2008risk 0.00cvss —epss 0.00
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is…
- CVE-2008-4954Nov 5, 2008risk 0.00cvss —epss 0.00
mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file.
- CVE-2008-4953Nov 5, 2008risk 0.00cvss —epss 0.00
firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create…
- CVE-2008-4952Nov 5, 2008risk 0.00cvss —epss 0.00
emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.
- CVE-2008-4951Nov 5, 2008risk 0.00cvss —epss 0.00
dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts.
- CVE-2008-4950Nov 5, 2008risk 0.00cvss —epss 0.00
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific…
- CVE-2008-4949Nov 5, 2008risk 0.00cvss —epss 0.00
dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts.
- CVE-2008-4948Nov 5, 2008risk 0.00cvss —epss 0.00
fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddj_fest.tmp temporary file.
- CVE-2008-4947Nov 5, 2008risk 0.00cvss —epss 0.00
dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.
- CVE-2008-4946Nov 5, 2008risk 0.00cvss —epss 0.00
convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5)…
- CVE-2008-4945Nov 5, 2008risk 0.00cvss —epss 0.00
amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory.
- CVE-2008-4944Nov 5, 2008risk 0.00cvss —epss 0.00
writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files.
- CVE-2008-4943Nov 5, 2008risk 0.00cvss —epss 0.00
bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4)…
- CVE-2008-4942Nov 5, 2008risk 0.00cvss —epss 0.00
audiolink in audiolink 0.05 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/audiolink.db.tmp and (2) /tmp/audiolink.tb.tmp temporary files.
- CVE-2008-4941Nov 5, 2008risk 0.00cvss —epss 0.00
arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_*, (b) /tmp/arb_pids_*, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to the (1) arb_fastdnaml and (2) dszmconnect.pl scripts.
- CVE-2008-4940Nov 5, 2008risk 0.00cvss —epss 0.00
xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file.
- CVE-2008-4939Nov 5, 2008risk 0.00cvss —epss 0.00
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h)…
- CVE-2008-4938Nov 5, 2008risk 0.00cvss —epss 0.00
aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h)…
- CVE-2008-4937Nov 5, 2008risk 0.00cvss —epss 0.00
senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.
- CVE-2008-4936Nov 5, 2008risk 0.00cvss —epss 0.00
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
- CVE-2008-4935Nov 5, 2008risk 0.00cvss —epss 0.00
asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.
- CVE-2008-4934Nov 5, 2008risk 0.00cvss —epss 0.03
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted…
- CVE-2008-4933Nov 5, 2008risk 0.00cvss —epss 0.03
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to…
- CVE-2008-4932Nov 5, 2008risk 0.03cvss —epss 0.06
webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwrite arbitrary files via an absolute pathname in the path parameter and arbitrary content in the content parameter. NOTE: this can be leveraged for code execution by writing to a…
- CVE-2008-4931Nov 5, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
- CVE-2008-4817Nov 5, 2008risk 0.01cvss —epss 0.09
The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.
- CVE-2008-4816Nov 5, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors.
- CVE-2008-4815Nov 5, 2008risk 0.01cvss —epss 0.08
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH.
- CVE-2008-4814Nov 5, 2008risk 0.01cvss —epss 0.12
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."
- CVE-2008-4813Nov 5, 2008risk 0.01cvss —epss 0.10
Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj method; or (2) contains a…
- CVE-2008-4812Nov 5, 2008risk 0.01cvss —epss 0.09
Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2, 8.1.1, and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that triggers an out-of-bounds write, related to parsing of Type 1 fonts.
- CVE-2008-3527Nov 5, 2008risk 0.00cvss —epss 0.00
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the…
- CVE-2008-4930Nov 4, 2008risk 0.00cvss —epss 0.01
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection…