Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,523 vulnerabilities with CWE-59

CVE-2019-13229 MEDIUM

deepin_clone < 1.1.3 - Unauthenticated Arbitrary File Write via Symlink Attack on /tmp/partclone.log

CVE-2019-13228 MEDIUM

deepin-clone < 1.1.3 - Symlink Attack and Arbitrary File Write via Fixed /tmp/repo.iso Path

CVE-2019-13227 MEDIUM

deepin-clone < 1.1.3 - Symlink Attack via Fixed Log File Path

CVE-2019-13226 HIGH

deepin-clone < 1.1.3 - Unauthenticated Race Condition via Predictable Mount Path

CVE-2019-13173 HIGH

fstream < 1.0.12 - Arbitrary File Overwrite via Hardlink Extraction

CVE-2019-1069 HIGH KEV

Windows 10 and Windows Server - Elevation of Privilege via Task Scheduler File Operation Validation

CVE-2019-1064 HIGH KEV

Windows 10 1607-1903 & Server 2016-2019 Privilege Escalation via AppX Deployment Service

CVE-2019-1053 MEDIUM

Windows - Elevation of Privilege via Folder Shortcut Validation

CVE-2019-0986 MEDIUM

Windows ProfSvc - Privilege Escalation

CVE-2019-12749 HIGH

dbus < 1.10.28, 1.12.x < 1.12.16, 1.13.x < 1.13.12 - Authentication Bypass via Symlink Attack on DBUS_COOKIE_SHA1

CVE-2019-12779 HIGH

libqb < 1.0.5 - Arbitrary File Overwrite via Symlink Attack

CVE-2019-12209 HIGH

Yubico pam-u2f 1.0.7 - Info Disclosure

CVE-2019-3567 HIGH

osquery < 3.4.0 - Unauthenticated Privilege Escalation via Hard Link Attack on Extensions Load Path

CVE-2019-9949 HIGH

Western Digital My Cloud - Code Injection

CVE-2019-0086 HIGH

Intel CSME <11.8.65 & TXE <3.1.65 - Privilege Escalation via Dynamic Application Loader

CVE-2019-0936 HIGH

Microsoft Windows - Privilege Escalation

CVE-2019-5438 MEDIUM

harpjs/harp < 0.29.0 - Path Traversal via Symlink

CVE-2019-11879 MEDIUM

WEBrick 1.4.2 - Directory Traversal via Symlink

CVE-2019-1836 HIGH

Cisco Nexus 9000 - Privilege Escalation

CVE-2019-8454 HIGH

Check Point Endpoint Security < E80.96 - Local Privilege Escalation via Hard Link and WPAD Impersonation

CVE-2019-11538 HIGH

Pulse Secure Pulse Connect Secure <9.0R3.4-8.2R12.1 - Info Disclosure

CVE-2019-11503 HIGH

snapd < 2.39 - Symlink Race Condition via chdir()

CVE-2019-11502 HIGH

snapd < 2.38 - Unintended Access to Private /tmp Directory via snap-confine Ownership Mismanagement

CVE-2019-8452 HIGH

Check Point Endpoint Security < E80.96 and ZoneAlarm < 15.4.062 - Privilege Escalation via Hard Link

CVE-2019-3902 MEDIUM

Mercurial < 4.9 - Path Traversal via Symlinks and Subrepositories

Previous Page 37 of 61 Next

Details

Vulnerabilities 1,523

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy