CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 32 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5704 | 0.00 | — | 0.01 | Dec 22, 2008 | src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380. | |||
| CVE-2008-5703 | 0.00 | — | 0.00 | Dec 22, 2008 | gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and… | |||
| CVE-2008-5380 | 0.00 | — | 0.00 | Dec 8, 2008 | gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts,… | |||
| CVE-2008-5379 | 0.00 | — | 0.00 | Dec 8, 2008 | netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. | |||
| CVE-2008-5378 | 0.00 | — | 0.00 | Dec 8, 2008 | arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file. | |||
| CVE-2008-5376 | 0.00 | — | 0.00 | Dec 8, 2008 | editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file. | |||
| CVE-2008-5375 | 0.00 | — | 0.00 | Dec 8, 2008 | cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file. | |||
| CVE-2008-5374 | 0.00 | — | 0.00 | Dec 8, 2008 | bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. | |||
| CVE-2008-5373 | 0.00 | — | 0.00 | Dec 8, 2008 | mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. | |||
| CVE-2008-5372 | 0.00 | — | 0.00 | Dec 8, 2008 | sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file. | |||
| CVE-2008-5371 | 0.00 | — | 0.00 | Dec 8, 2008 | screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file. | |||
| CVE-2008-5370 | 0.00 | — | 0.00 | Dec 8, 2008 | pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file. | |||
| CVE-2008-5369 | 0.00 | — | 0.00 | Dec 8, 2008 | noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file. | |||
| CVE-2008-5368 | 0.00 | — | 0.00 | Dec 8, 2008 | muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file. | |||
| CVE-2008-5367 | 0.00 | — | 0.00 | Dec 8, 2008 | ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. | |||
| CVE-2008-5366 | 0.00 | — | 0.00 | Dec 8, 2008 | The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. | |||
| CVE-2008-5313 | 0.00 | — | 0.00 | Dec 3, 2008 | mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in… | |||
| CVE-2008-5312 | 0.00 | — | 0.00 | Dec 3, 2008 | mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5)… | |||
| CVE-2008-5299 | 0.00 | — | 0.00 | Dec 1, 2008 | chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories. | |||
| CVE-2008-5256 | 0.00 | — | 0.00 | Nov 27, 2008 | The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file. |
- CVE-2008-5704Dec 22, 2008risk 0.00cvss —epss 0.01
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.
- CVE-2008-5703Dec 22, 2008risk 0.00cvss —epss 0.00
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and…
- CVE-2008-5380Dec 8, 2008risk 0.00cvss —epss 0.00
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts,…
- CVE-2008-5379Dec 8, 2008risk 0.00cvss —epss 0.00
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts.
- CVE-2008-5378Dec 8, 2008risk 0.00cvss —epss 0.00
arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file.
- CVE-2008-5376Dec 8, 2008risk 0.00cvss —epss 0.00
editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.
- CVE-2008-5375Dec 8, 2008risk 0.00cvss —epss 0.00
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.
- CVE-2008-5374Dec 8, 2008risk 0.00cvss —epss 0.00
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
- CVE-2008-5373Dec 8, 2008risk 0.00cvss —epss 0.00
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
- CVE-2008-5372Dec 8, 2008risk 0.00cvss —epss 0.00
sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file.
- CVE-2008-5371Dec 8, 2008risk 0.00cvss —epss 0.00
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.
- CVE-2008-5370Dec 8, 2008risk 0.00cvss —epss 0.00
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.
- CVE-2008-5369Dec 8, 2008risk 0.00cvss —epss 0.00
noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file.
- CVE-2008-5368Dec 8, 2008risk 0.00cvss —epss 0.00
muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file.
- CVE-2008-5367Dec 8, 2008risk 0.00cvss —epss 0.00
ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.
- CVE-2008-5366Dec 8, 2008risk 0.00cvss —epss 0.00
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.
- CVE-2008-5313Dec 3, 2008risk 0.00cvss —epss 0.00
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in…
- CVE-2008-5312Dec 3, 2008risk 0.00cvss —epss 0.00
mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5)…
- CVE-2008-5299Dec 1, 2008risk 0.00cvss —epss 0.00
chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.
- CVE-2008-5256Nov 27, 2008risk 0.00cvss —epss 0.00
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.