Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,525 vulnerabilities with CWE-59

SaltStack Salt < 2014.1.10 - Local Privilege Escalation via Temporary File Handling

GNU Readline <6.3-3 - Local File Manipulation

xml-dt < 0.64 - Arbitrary File Overwrite via Symlink Attack on Temporary File

Linux Kernel < 3.15.8 - Denial of Service via Symlink Handling in mountpoint_last

Canonical Ubuntu Linux < 1.7.4 - Symlink Following

CUPS 1.7.4 - Arbitrary File Read via Symlink Attack in Web Interface

CUPS < 1.7.4 - Arbitrary File Read via Symlink Attack in RSS Cache

Red Hat CloudForms Management Engine < 5.2.4.2 - Local Arbitrary Command Execution via Symlink Attack

ppc64-diag 2.6.1 - Local Info Disclosure

IBM AIX 6.1/7.1 & VIOS 2.2.x - Local Privilege Escalation

Lynis <1.5.5 - Local File Overwrite

Lynis <1.5.5 - Local File Overwrite

PHP < 5.3.29 - Arbitrary File Overwrite via Symlink Attack on /tmp/phpglibccheck

eyeD3 <7.0.3, 0.6.18 - Local File Modification

Mageia < 24.3 - Symlink Following

Mageia < 24.3 - Symlink Following

GNU Emacs < 24.3 - Arbitrary File Overwrite via Symlink Attack on Temporary File

Mageia < 24.3 - Symlink Following

Opensuse < 3.5 - Symlink Following

Pillow < 2.3.1 - Arbitrary File Write via Symlink Attack on Temporary Files

Apple iOS < 7.1 and tvOS < 6.1 - Arbitrary File Permission Change via Symlink in CrashHouseKeeping

logilab-commons <0.61.0 - Local Privilege Escalation

OpenJDK/Oracle Java - Local Privilege Escalation

Axiom <20100701-1.1 - Local File Overwrite

syncevo/installcheck-local.sh <1.3.99.7 - Local File Overwrite

Previous Page 44 of 61 Next

Details

Vulnerabilities 1,525

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy