CVE-2008-5743

pdfjam creates the 1 pdf90, 2 pdfjoin, and 3 pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack...

CVE-2008-4959

geo-code in gpsdrive-scripts 2.10pre4 allows local users to overwrite arbitrary files via a symlink attack on 1 /tmp/geo.google, 2 /tmp/geo.yahoo, 3 /tmp/geo.coords, and 4 /tmp/geo.coords temporary files...

CVE-2013-4262

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions ADT3. The irkerbridge.py issue is covered by...

CVE-2012-4454

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the 1 .pkapixpk or 2 .pkcs11spinloc file in /tmp...

CVE-2012-0808

as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...

pam: pam_env and pam_mail accessing users' file with root privileges

The 1 pamenv and 2 pammail modules in Linux-PAM aka pam before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

CVE-2009-0313

winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the xshowmenu.txt temporary file...

CVE-2005-2672

pwmconfig in LMsensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file...