Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,523 vulnerabilities with CWE-59

CVE-2017-1002101 HIGH

Kubernetes <1.7.14, <1.8.9, <1.9.4 - Info Disclosure

CVE-2017-2619 HIGH

Samba < 4.4.12 - Symlink Race Condition

CVE-2017-5188 MEDIUM

Open Build Service <20170320 - Info Disclosure

CVE-2017-18188 MEDIUM

OpenRC opentmpfiles < 0.1.3 - Arbitrary File Ownership via Hard Link Attack

CVE-2017-18078 HIGH

systemd < 237 - Local Privilege Escalation via Hard Link Ownership Bypass

CVE-2017-15111 MEDIUM

keycloak-httpd-client-install < 0.8 - Insecure Temporary File via Symbolic Link

CVE-2017-1000420 HIGH

Syncthing <0.14.33 - Path Traversal

CVE-2017-16611 MEDIUM

libXfont <1.5.4-2.0.3 - Info Disclosure

CVE-2017-15357 HIGH

Arq < 5.9.7 - Local Privilege Escalation via Symlink Attack on Updater Binary

CVE-2017-7501 HIGH

RPM <4.13.0.2 - Privilege Escalation

CVE-2017-12172 MEDIUM

PostgreSQL 9.2.x-9.6.x < 10.1 - Privilege Escalation via Symbolic Link Attack on Log File

CVE-2017-8806 MEDIUM

PostgreSQL-related scripts for Debian and Ubuntu - Arbitrary File Overwrite via Insecure Symbolic Link Handling

CVE-2017-2916 HIGH

Circle with Disney 2.0.1 - Arbitrary File Write via /api/CONFIG/restore

CVE-2017-1301 MEDIUM

IBM Spectrum Protect <8.1 - Local Privilege Escalation

CVE-2017-12258 MEDIUM

Cisco Unified Communications Manager - XSS

CVE-2017-1000115 HIGH

Mercurial < 4.3 - Arbitrary File Write via Symlink Attack

CVE-2017-7549 MEDIUM

Red Hat OpenStack - Symbolic-Link Attack

CVE-2017-9525 MEDIUM

Cron <3.0pl1-128 - Privilege Escalation

CVE-2017-8108 HIGH

Lynis < 2.5.0 - Arbitrary File Write via Symlink Attack on Temporary File

CVE-2017-6981 HIGH

Apple <10.3.2 - RCE

CVE-2017-7418 MEDIUM

ProFTPD <1.3.5e, <1.3.6rc5 - Privilege Escalation

CVE-2017-2390 MEDIUM

Apple <10.3 - Local Privilege Escalation

CVE-2016-8641 MEDIUM

Nagios 4.2.x - Privilege Escalation

CVE-2016-9595 HIGH

Katello < 3.4.0 - Insecure Temporary File Handling

CVE-2016-9602 HIGH

Qemu < 2.9 - Privilege Escalation via VirtFS Link Following

Previous Page 40 of 61 Next

Details

Vulnerabilities 1,523

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy