CWE-59
Improper Link Resolution Before File Access ('Link Following')
Base · Draft · Likelihood: Medium
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (624)
page 30 of 32

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-0163 | 0.00 | — | 0.00 | Feb 12, 2008 | Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. | | |
| CVE-2008-0666 | 0.00 | — | 0.00 | Feb 11, 2008 | Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c. | | |
| CVE-2008-0665 | 0.00 | — | 0.00 | Feb 11, 2008 | wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. | | |
| CVE-2007-4998 | 0.00 | — | 0.00 | Jan 31, 2008 | cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. | | |
| CVE-2008-0525 | 0.00 | — | 0.00 | Jan 31, 2008 | PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. | | |
| CVE-2007-6692 | 0.00 | — | 0.01 | Jan 17, 2008 | Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. | | |
| CVE-2007-6595 | 0.00 | — | 0.00 | Dec 31, 2007 | ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. | | |
| CVE-2007-6208 | 0.00 | — | 0.00 | Dec 4, 2007 | sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file. | | |
| CVE-2007-6061 | 0.00 | — | 0.01 | Nov 20, 2007 | Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. | | |
| CVE-2007-5940 | 0.00 | — | 0.00 | Nov 13, 2007 | feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. | | |
| CVE-2007-3921 | 0.00 | — | 0.00 | Nov 8, 2007 | gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files. | | |
| CVE-2007-4129 | 0.00 | — | 0.00 | Nov 8, 2007 | CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | | |
| CVE-2007-5839 | 0.00 | — | 0.00 | Nov 6, 2007 | The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. | | |
| CVE-2007-5805 | 0.00 | — | 0.00 | Nov 5, 2007 | cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804. | | |
| CVE-2007-5718 | 0.00 | — | 0.00 | Oct 30, 2007 | vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file. | | |
| CVE-2007-5695 | 0.00 | — | 0.01 | Oct 29, 2007 | Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action. | | |
| CVE-2007-3919 | 0.00 | — | 0.00 | Oct 28, 2007 | (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | | |
| CVE-2007-5200 | 0.00 | — | 0.00 | Oct 14, 2007 | hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file. | | |
| CVE-2007-5437 | 0.00 | — | 0.00 | Oct 13, 2007 | The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. | | |
| CVE-2007-5377 | 0.00 | — | 0.00 | Oct 12, 2007 | The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | | |