Search Results (8830 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4173 1 Openfabrics 1 Libsdp 2025-04-11 N/A
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
CVE-2012-2093 1 Gajim 1 Gajim 2025-04-11 N/A
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
CVE-2012-3440 2 Redhat, Todd Miller 2 Enterprise Linux, Sudo 2025-04-11 N/A
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
CVE-2011-0702 1 Feh Project 1 Feh 2025-04-11 N/A
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
CVE-2010-1183 1 Sun 1 Solaris 2025-04-11 N/A
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
CVE-2013-2217 3 Jeff Ortel, Opensuse, Redhat 3 Suds, Opensuse, Enterprise Linux 2025-04-11 N/A
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
CVE-2011-0754 2 Microsoft, Php 2 Windows, Php 2025-04-11 N/A
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.
CVE-2010-2056 1 Gnu 1 Gv 2025-04-11 N/A
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2010-3258 1 Google 1 Chrome 2025-04-11 N/A
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
CVE-2022-47037 1 Siklu 10 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 7 more 2025-04-10 7.5 High
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
CVE-2024-51542 1 Abb 41 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 38 more 2025-04-10 8.2 High
Configuration Download vulnerabilities allow access to dependency configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2024-51546 1 Abb 41 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 38 more 2025-04-10 7.5 High
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2022-4236 1 Welcart 1 Welcart E-commerce 2025-04-10 6.5 Medium
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.
CVE-2024-9052 2025-04-10 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-57762 1 Wangl1989 1 Mysiteforme 2025-04-10 7.5 High
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.
CVE-2024-57763 1 Wangl1989 1 Mysiteforme 2025-04-10 9.1 Critical
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
CVE-2024-57764 1 Wangl1989 1 Mysiteforme 2025-04-10 9.1 Critical
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
CVE-2024-57766 1 Wangl1989 1 Mysiteforme 2025-04-10 9.1 Critical
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
CVE-2023-40510 1 Lg 1 Simple Editor 2025-04-10 7.5 High
LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getServerSetting method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20012.
CVE-2023-40511 1 Lg 1 Simple Editor 2025-04-10 7.5 High
LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the checkServer method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20013.