Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,525 vulnerabilities with CWE-59

GNU patch <2.7.1 - Remote Code Execution

pax 1:20140703 - Arbitrary File Write via Symlink Attack

p7zip 9.20.1 - Code Injection

CVE-2014-1420 LOW

Ubuntu UI Toolkit < 1.1.1188+14.10.20140813.4-0ubuntu1 - Sensitive Data Exposure via StateSaver Serialization

CVE-2014-1938 MEDIUM

python-rply <0.7.4 - Info Disclosure

CVE-2014-4150 MEDIUM

Scheme 48 - Arbitrary File Write via Symlink Attack on /tmp/s48lose.tmp

CVE-2014-0243 MEDIUM

Check_MK <1.2.5i2p1 - Info Disclosure

CVE-2014-2312 MEDIUM

Thermald - Local Privilege Escalation

CVE-2014-3219 HIGH

fish < 2.1.1 - Arbitrary File Write via Symlink Attack on Temporary Files

CVE-2014-4996 MEDIUM

VladTheEnterprising gem 0.2 - Local File Write

CVE-2014-5509 MEDIUM

Clipboard module for Perl - Arbitrary File Deletion via Symlink Attack on /tmp/clipedit$$

CVE-2014-1859 MEDIUM

NumPy < 1.8.1 - Arbitrary File Write via Symlink Attack on Temporary Files

CVE-2014-4978 MEDIUM

Rawstudio - Local Privilege Escalation

rsync 3.1.1 - Arbitrary File Write via Symlink Attack

Apple iOS <8.1.3 & Apple TV <7.0.3 - Path Traversal

TYPO3 <4.5.39, <6.2.9, <7.0.2 - XSS

Docker < 1.3.2 - Arbitrary File Write and Remote Code Execution via Symlink Attack in Image Archive

Nagios Plugins <2.0.2 - Info Disclosure

Apache Hadoop 0.23.0-0.23.11 and 2.x < 2.5.2 - Symlink Attack via Public Tar Archive Localization

WordPress Download Manager - Unauthenticated Directory Traversal via fname Parameter

Advanced Package Tool < 1.0.9.2 - Arbitrary File Write via Symlink Attack on Changelog File

Capture::Tiny <0.24 - Local File Write

PHP < 5.6.0 - Arbitrary File Write via PEAR_REST Cache Symlink Attack

Apple iOS <8, Apple TV <7 - Privilege Escalation

vm-support 0.88 - Local Info Disclosure

Previous Page 43 of 61 Next

Details

Vulnerabilities 1,525

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy