CWE-59
Improper Link Resolution Before File Access ('Link Following')
BaseDraftLikelihood: Medium
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (624)
page 21 of 32| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-4030 | 0.00 | — | 0.00 | Nov 30, 2009 | MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||
| CVE-2008-7247 | 0.00 | — | 0.00 | Nov 30, 2009 | sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | ||
| CVE-2009-1297 | 0.00 | — | 0.00 | Oct 23, 2009 | iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. | ||
| CVE-2009-2939 | 0.00 | — | 0.00 | Sep 21, 2009 | The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. | ||
| CVE-2009-1867 | 0.00 | — | 0.01 | Jul 31, 2009 | Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." | ||
| CVE-2009-1893 | 0.00 | — | 0.00 | Jul 17, 2009 | The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command. | ||
| CVE-2009-1962 | 0.00 | — | 0.00 | Jun 8, 2009 | Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. | ||
| CVE-2009-1753 | 0.00 | — | 0.00 | May 22, 2009 | Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file." | ||
| CVE-2008-6762 | 0.00 | — | 0.00 | Apr 28, 2009 | Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. | ||
| CVE-2008-6760 | 0.00 | — | 0.00 | Apr 28, 2009 | ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter. | ||
| CVE-2008-6759 | 0.00 | — | 0.00 | Apr 28, 2009 | ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message. | ||
| CVE-2009-1253 | 0.00 | — | 0.00 | Apr 9, 2009 | James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file. | ||
| CVE-2008-6552 | 0.00 | — | 0.00 | Mar 30, 2009 | Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||
| CVE-2008-6398 | 0.00 | — | 0.00 | Mar 4, 2009 | sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. | ||
| CVE-2008-6397 | 0.00 | — | 0.00 | Mar 4, 2009 | rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||
| CVE-2008-4284 | 0.00 | — | 0.00 | Feb 10, 2009 | Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature. | ||
| CVE-2009-0473 | 0.00 | — | 0.00 | Feb 6, 2009 | Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||
| CVE-2009-0356 | 0.00 | — | 0.01 | Feb 4, 2009 | Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. | ||
| CVE-2009-0416 | 0.00 | — | 0.00 | Feb 3, 2009 | The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files. | ||
| CVE-2008-4990 | 0.00 | — | 0.00 | Feb 2, 2009 | Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file. |