CVE-2008-5137

tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.

Publication date: Tue, 18 Nov 2008 22:00:00 +0000


Cyber News related to CVE-2008-5137

CVE-2007-4851 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5137. Reason: This candidate is a duplicate of CVE-2007-5137. Notes: All CVE users should reference CVE-2007-5137 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com
CVE-2008-1378 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2360, CVE-2008-2361, CVE-2008-2362. Reason: This candidate has been withdrawn by its CNA. It was SPLIT into separate candidates before publication. Notes: All CVE users should ...
55 years ago Tenable.com
CVE-2008-2617 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2615 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2621 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2622 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2616 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2618 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2620 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-3892 - Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build ...
6 years ago
CVE-2009-5137 - Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667. ...
11 years ago
CVE-2016-5137 - The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and ...
7 years ago
CVE-2007-5137 - Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this ...
7 years ago
CVE-2009-1667 - Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137. ...
7 years ago
CVE-2007-5378 - Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is ...
6 years ago
CVE-2013-5137 - IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. ...
11 years ago
CVE-2017-5137 - An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective. ...
7 years ago
CVE-2011-5137 - Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php. ...
7 years ago
CVE-2018-5137 - A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not ...
6 years ago
CVE-2014-5137 - Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, ...
6 years ago
CVE-2006-5137 - Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP ...
6 years ago
CVE-2012-5137 - Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API. ...
6 years ago
CVE-2017-16597 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within ...
5 years ago
CVE-2010-5137 - wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode. ...
4 years ago
