CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 23 of 41

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0556 | | | 0.00 | — | 0.04 | | Apr 8, 2015 | Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. |
| CVE-2015-1377 | | | 0.00 | — | 0.00 | | Feb 10, 2015 | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. |
| CVE-2014-4480 | | | 0.00 | — | 0.03 | | Jan 30, 2015 | Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. |
| CVE-2015-1196 | | | 0.00 | — | 0.06 | | Jan 21, 2015 | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. |
| CVE-2015-1194 | | | 0.00 | — | 0.02 | | Jan 21, 2015 | pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. |
| CVE-2015-1038 | | | 0.00 | — | 0.03 | | Jan 21, 2015 | p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. |
| CVE-2014-9508 | | | 0.00 | — | 0.02 | | Jan 4, 2015 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for… |
| CVE-2014-9358 | | | 0.00 | — | 0.03 | | Dec 16, 2014 | Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." |
| CVE-2014-6407 | | | 0.00 | — | 0.05 | | Dec 12, 2014 | Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. |
| CVE-2014-3627 | | | 0.00 | — | 0.03 | | Dec 5, 2014 | The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not… |
| CVE-2014-8585 | | | 0.00 | — | 0.03 | | Nov 4, 2014 | Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. |
| CVE-2014-7206 | | | 0.00 | — | 0.00 | | Oct 15, 2014 | The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. |
| CVE-2014-1875 | | | 0.00 | — | 0.01 | | Oct 6, 2014 | The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. |
| CVE-2014-5459 | | | 0.00 | — | 0.01 | | Sep 27, 2014 | The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. |
| CVE-2014-4372 | | | 0.00 | — | 0.00 | | Sep 18, 2014 | syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. |
| CVE-2013-6124 | | | 0.00 | — | 0.00 | | Aug 31, 2014 | The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the… |
| CVE-2014-4199 | | | 0.00 | — | 0.00 | | Aug 28, 2014 | vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. |
| CVE-2014-3563 | | | 0.00 | — | 0.00 | | Aug 22, 2014 | Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. |
| CVE-2014-2524 | | | 0.00 | — | 0.00 | | Aug 20, 2014 | The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. |
| CVE-2014-5260 | | | 0.00 | — | 0.00 | | Aug 16, 2014 | The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file. |