|
318251
|
5.5 |
MEDIUM
Local
|
everybuddy
|
everybuddy
|
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
|
CWE-59
Link Following
|
CVE-2005-1880
|
2024-01-27 02:00 |
2005-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318252
|
5.5 |
MEDIUM
Local
|
mathopd
|
mathopd
|
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dum…
|
CWE-59
Link Following
|
CVE-2005-0824
|
2024-01-27 02:00 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318253
|
5.5 |
MEDIUM
Local
|
joseph_allen
|
joe
|
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
|
CWE-59
Link Following
|
CVE-2000-1178
|
2024-01-27 01:59 |
2001-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318254
|
5.5 |
MEDIUM
Local
|
hp
|
hp-ux
|
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messa…
|
CWE-59
Link Following
|
CVE-2000-0972
|
2024-01-27 01:56 |
2000-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318255
|
5.5 |
MEDIUM
Local
|
perl
|
perl
|
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
|
CWE-59
Link Following
|
CVE-1999-1386
|
2024-01-27 01:54 |
1999-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318256
|
5.5 |
MEDIUM
Local
|
freebsd
|
freebsd
|
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
|
CWE-59
Link Following
|
CVE-1999-0783
|
2024-01-27 01:54 |
1998-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318257
|
- |
|
nextweb
|
nextweb_\(i\)site
|
NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to databases/Users.md…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2005-1835
|
2024-01-26 06:50 |
2005-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318258
|
7.5 |
HIGH
Network
|
kde
debian
|
kde
debian_linux
|
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2005-1920
|
2024-01-26 06:11 |
2005-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318259
|
- |
|
baalsystems
|
baal_smart_forms
|
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2004-2144
|
2024-01-26 06:11 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318260
|
- |
|
phpmyfaq
|
phpmyfaq
|
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2004-2257
|
2024-01-26 06:11 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
