CWE-59
Medium likelihood
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1,525 vulnerabilities with CWE-59
CVE-2014-1638
localepurge <0.7.3.2 - Local File Overwrite
CVE-2014-1624
python-xdg 0.25 - Local Privilege Escalation
CVE-2014-0027
Flite 1.4 - Local File Modification
CVE-2013-1867
MEDIUM
Gemalto Tokend < 03-2013 - Arbitrary File Creation/Overwrite via Improper Link Resolution
CVSS 6.1
CVE-2013-1866
MEDIUM
OpenSC < 0.13.0 - Arbitrary File Creation and Overwrite via OpenSC.tokend
CVSS 6.1
CVE-2013-4184
MEDIUM
Data::UUID < 1.224 - Symlink Attack via Improper Link Resolution
CVSS 5.5
CVE-2013-4655
HIGH
Belkin N900 Firmware - Symlink Traversal via SMB Service Misconfiguration
CVSS 7.5
CVE-2013-1809
HIGH
Gambas < 3.4.0 - Symlink Attack via Insecure Temporary Directory Creation
CVSS 7.5
CVE-2013-1429
MEDIUM
Lintian < 2.5.12 - Information Disclosure via Symlink Resolution
CVSS 6.3
CVE-2013-0159
HIGH
fedora-business-cards - Symlink Attack via /tmp/fedora-business-cards-buffer.svg
CVSS 7.1
CVE-2013-4364
HIGH
Red Hat OpenShift Enterprise 1 and 2 - Symlink Attack via Temporary File in /tmp
CVSS 7.8
CVE-2013-6124
codeaurora/android-msm - Symlink Attack via chown or chmod Commands
CVE-2013-7393
Subversion <1.8.2 - Privilege Escalation
CVE-2013-4262
Subversion 1.8.0-1.8.2 - Privilege Escalation via PID File Symlink Attack
CVE-2013-4215
Nagios Plugins 1.4.16 - Privilege Escalation via Symlink Attack on /tmp/ipxping/ipxping
CVE-2013-0350
pkstat 1.8.5 - Arbitrary File Write via Symlink Attack on /tmp/smtp.log
CVE-2013-4472
poppler < 0.24.3 - Arbitrary File Overwrite via Symlink Attack on Predictable Temporary Files
CVE-2013-4116
Node Packaged Modules < 1.3.3 - Arbitrary File Overwrite via Symlink Attack on Temporary Files
CVE-2013-2105
show_in_browser gem 0.0.3 - Symlink Attack via /tmp/browser.html
CVE-2013-6456
libvirt 1.0.1-1.2.1 - Local Privilege Escalation and Denial of Service via Symlink Attacks on /dev
CVE-2013-6891
CUPS < 1.7.1 - Arbitrary File Read via Symlink Attack on .cups/client.conf
CVE-2013-2142
libimobiledevice 1.1.4 - Arbitrary File Write via Symlink Attack on Temporary Configuration Files
CVE-2013-4969
Puppet <3.3.3, <3.4.1 - Local Privilege Escalation
CVE-2013-6402
HP Linux Imaging and Printing Project < 3.13.11 - Arbitrary File Write via Symlink Attack on Temporary Log File
CVE-2013-2561
OpenFabrics ibutils 1.5.7 - Local File Overwrite
Details
Vulnerabilities: 1,525
Exploit Likelihood: Medium