Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,523 vulnerabilities with CWE-59

CVE-2018-17567 HIGH

Jekyll <3.6.2, <3.7.4, <3.8.4 - Info Disclosure

CVE-2018-10928 HIGH

Debian Linux < 3.12.14 - Symlink Following

CVE-2018-6557 HIGH

base-files Privilege Escalation via MOTD Update Script (Ubuntu 18.04/18.10)

CVE-2018-15351 MEDIUM

Kraftway 24F2XG Router <3.5.30.1118 - DoS

CVE-2018-10897 HIGH

yum-utils < 1.1.31 - Path Traversal via Remote Repository Configuration

CVE-2018-14335 MEDIUM

H2 <1.4.197 - Info Disclosure

CVE-2018-14329 MEDIUM

HTSlib 1.8 - Local Privilege Escalation

CVE-2018-11637 HIGH

Dialogic PowerMedia XMS <= 3.5 - Unauthenticated Arbitrary File Read via Symlink in Web Root

CVE-2018-13054 HIGH

Debian Linux < 3.8.6 - Symlink Following

CVE-2018-1000544 CRITICAL

rubyzip < 1.2.1 - Directory Traversal and Arbitrary File Write via Zip::File Component

CVE-2018-12026 CRITICAL

Phusion Passenger <5.3.2 - Privilege Escalation

CVE-2018-5107 MEDIUM

Firefox < 58 - Local File Access via Printing Process Symlink Bypass

CVE-2018-12015 HIGH

Perl <5.26.2 - Path Traversal

CVE-2018-10380 HIGH

KDE KWallet <5.12.6 - Privilege Escalation

CVE-2018-10722 HIGH

CylancePROTECT < 1470 - Unauthenticated Privilege Escalation via Symlink Chain in Log Folder

CVE-2018-4112 MEDIUM

macOS < 10.13.4 - Information Disclosure via ATS Symlink Mishandling

CVE-2018-5225 CRITICAL

Atlassian Bitbucket 4.13.0-5.8.1 - Authenticated Remote Code Execution via Symbolic Link

CVE-2018-1196 MEDIUM

Spring Boot <2.0.0.M7 - Privilege Escalation

CVE-2018-1000073 HIGH

RubyGems < 2.2.9, 2.3.6, 2.4.3, 2.5.0 - Directory Traversal in install_location Function

CVE-2018-1063 MEDIUM

Red Hat Enterprise Linux - Improper Link Resolution Before File Access in Context Relabeling

CVE-2018-6954 HIGH

systemd < 237 - Local Privilege Escalation via Symlink Handling in systemd-tmpfiles

CVE-2018-6198 MEDIUM

Tats W3m < 0.5.3 - Symlink Following

CVE-2017-18925 MEDIUM

opentmpfiles <0.3.1 - Privilege Escalation

CVE-2017-7500 HIGH

rpm 4.13.0.0-4.13.0.1 - Improper Link Resolution Before File Access

CVE-2017-15097 MEDIUM

Red Hat Enterprise Linux - Privilege Escalation via PostgreSQL Initialization Scripts

Previous Page 39 of 61 Next

Details

Vulnerabilities 1,523

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy