Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,525 vulnerabilities with CWE-59

Bokken < 1.6 and 1.5-x < 1.5-3 - Arbitrary File Overwrite via Symlink Attack on /tmp/graph.dot

X.Org xserver <1.11.2 - Info Disclosure

HP Linux Imaging and Printing Project < 3.11.10 - Arbitrary File Write via Symlink Attack on Temporary File

LightDM <1.0.6 - Local Privilege Escalation

invscout.rte <2.2.0.19 - Local Privilege Escalation

virtualenv < 1.5 - Arbitrary File Overwrite via Symlink Attack

Conky <1.8.1 - Local Privilege Escalation

Puppet <2.7.5, <2.6.11, <0.25 - Privilege Escalation

Puppet <2.7.5, <2.6.11, <0.25 - Local File Overwrite

QNX Neutrino RTOS <6.5.0 - Local Privilege Escalation

Hammerhead 2.1.4 - Arbitrary File Write via Symlink Attack on Log Files

fuse < 2.8.5 - Unauthenticated Arbitrary Directory Unmount via Symlink Attack

Fabric <1.1.0 - Local Privilege Escalation

Freedesktop Dbus - Symlink Following

OProfile < 0.9.6 - Arbitrary File Creation via Symlink Attack on opd_pipe

NetBSD <1.6.2 - Local Privilege Escalation

SPICE Firefox plug-in <2.4 - Local File Overwrite

openSUSE aaa_base < 11.2-43.48.1 and < 11.3-8.7.1 - Arbitrary File Overwrite via Symlink Attack on /dev/shm/mtab

GNOME Display Manager 2.x < 2.32.1 - Symlink Attack via dmrc or Face Icon File

PHP 5.3.5 - Arbitrary File Deletion via Symlink Attack on /var/lib/php5/

macOS X - Local File Existence Disclosure and MD5 Checksum Comparison via Symlink Attack on Temporary Files

PEAR < 1.9.2 - Arbitrary File Overwrite via Symlink Attack on package.xml

PEAR < 1.9.2 - Arbitrary File Overwrite via Symlink Attack on package.xml

Ruby Arbitrary File Deletion via Symlink Attack

feh < 1.11.2 - Arbitrary File Creation via Symlink Attack on Temporary File

Previous Page 48 of 61 Next

Details

Vulnerabilities 1,525

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy