CVE & Exploit Intelligence Database

CVE-2006-5178 1 PoC Analysis EPSS 0.00

Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.

CWE-362 Oct 10, 2006

CVE-2006-4801 EPSS 0.00

Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.

CWE-362 Sep 14, 2006

CVE-2006-0039 EPSS 0.00

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

CWE-362 May 19, 2006

CVE-2006-2094 1 PoC Analysis EPSS 0.38

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

CWE-362 Apr 29, 2006

CVE-2006-1057 EPSS 0.00

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

CWE-362 Apr 25, 2006

CVE-2005-3240 EPSS 0.10

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

CWE-362 Dec 31, 2005

CVE-2004-2698 1 PoC Analysis EPSS 0.00

Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.

CWE-362 Dec 31, 2004

CVE-2004-2491 1 PoC Analysis EPSS 0.10

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.

CWE-362 Dec 31, 2004

CVE-2004-2659 EPSS 0.00

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.

CWE-362 Dec 31, 2004

CVE-2004-2697 1 PoC Analysis EPSS 0.01

The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.

CWE-362 Dec 31, 2004

CVE-2003-1562 EPSS 0.01

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

CWE-362 Dec 31, 2003

CVE-2003-1438 EPSS 0.00

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.

CWE-362 Dec 31, 2003

CVE-2002-2244 EPSS 0.00

Akfingerd 0.5 and earlier versions allow local users to cause a denial of service (crash) via a .plan with a symlink to /dev/urandom or other device, then disconnecting while data is being transferred, which causes a SIGPIPE error that Akfingerd cannot handle.

CWE-362 Dec 31, 2002

CVE-2002-2374 EPSS 0.00

Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."

CWE-362 Dec 31, 2002

CVE-2000-0864 1 PoC Analysis EPSS 0.00

Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

CWE-362 Nov 14, 2000

CVE-1999-0861 EPSS 0.05

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

CWE-362 Aug 11, 1999