VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 31 of 41
  • CVE-2009-1867Jul 31, 2009
    risk 0.00cvss epss 0.04

    Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."

  • CVE-2009-1893Jul 17, 2009
    risk 0.00cvss epss 0.01

    The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

  • CVE-2009-1962Jun 8, 2009
    risk 0.00cvss epss 0.00

    Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9)…

  • CVE-2009-1753May 22, 2009
    risk 0.00cvss epss 0.00

    Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."

  • CVE-2008-6762Apr 28, 2009
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.

  • CVE-2008-6760Apr 28, 2009
    risk 0.00cvss epss 0.02

    ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a…

  • CVE-2008-6759Apr 28, 2009
    risk 0.00cvss epss 0.01

    ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message.

  • CVE-2009-1253Apr 9, 2009
    risk 0.00cvss epss 0.00

    James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.

  • CVE-2008-6552Mar 30, 2009
    risk 0.00cvss epss 0.00

    Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager…

  • CVE-2008-6398Mar 4, 2009
    risk 0.00cvss epss 0.00

    sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files.

  • CVE-2008-6397Mar 4, 2009
    risk 0.00cvss epss 0.00

    rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2008-4284Feb 10, 2009
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing…

  • CVE-2009-0356Feb 4, 2009
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors…

  • CVE-2009-0416Feb 3, 2009
    risk 0.00cvss epss 0.00

    The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf…

  • CVE-2008-4990Feb 2, 2009
    risk 0.00cvss epss 0.00

    Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.

  • CVE-2009-0313Jan 28, 2009
    risk 0.00cvss epss 0.00

    winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file.

  • CVE-2009-0032Jan 27, 2009
    risk 0.00cvss epss 0.00

    CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.

  • CVE-2008-5825Jan 2, 2009
    risk 0.00cvss epss 0.02

    The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to…

  • CVE-2008-5746Dec 29, 2008
    risk 0.00cvss epss 0.00

    Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

  • CVE-2008-5743Dec 26, 2008
    risk 0.00cvss epss 0.00

    pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.