VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 40 of 41
  • CVE-2007-6595Dec 31, 2007
    risk 0.00cvss epss 0.00

    ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.

  • CVE-2007-6208Dec 4, 2007
    risk 0.00cvss epss 0.00

    sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.

  • CVE-2007-6061Nov 20, 2007
    risk 0.00cvss epss 0.03

    Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be…

  • CVE-2007-5940Nov 13, 2007
    risk 0.00cvss epss 0.00

    feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.

  • CVE-2007-4129Nov 8, 2007
    risk 0.00cvss epss 0.00

    CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.

  • CVE-2007-3921Nov 8, 2007
    risk 0.00cvss epss 0.00

    gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.

  • CVE-2007-5839Nov 6, 2007
    risk 0.00cvss epss 0.00

    The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.

  • CVE-2007-5805Nov 5, 2007
    risk 0.00cvss epss 0.00

    cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the…

  • CVE-2007-5718Oct 30, 2007
    risk 0.00cvss epss 0.00

    vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.

  • CVE-2007-5695Oct 29, 2007
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action.

  • CVE-2007-3919Oct 28, 2007
    risk 0.00cvss epss 0.00

    (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

  • CVE-2007-5200Oct 14, 2007
    risk 0.00cvss epss 0.00

    hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.

  • CVE-2007-5437Oct 13, 2007
    risk 0.00cvss epss 0.03

    The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.

  • CVE-2007-5377Oct 12, 2007
    risk 0.00cvss epss 0.00

    The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2007-5207Oct 4, 2007
    risk 0.00cvss epss 0.00

    guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.

  • CVE-2007-3916Sep 24, 2007
    risk 0.00cvss epss 0.00

    The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete arbitrary files via a symlink attack on a skkdic$PID temporary file.

  • CVE-2007-4631Aug 31, 2007
    risk 0.00cvss epss 0.00

    The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.

  • CVE-2007-4224Aug 8, 2007
    risk 0.00cvss epss 0.02

    KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.

  • CVE-2007-3742Aug 3, 2007
    risk 0.00cvss epss 0.02

    WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs)…

  • CVE-2007-2978Jun 1, 2007
    risk 0.00cvss epss 0.01

    Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.