Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,527 vulnerabilities with CWE-59

Ruby Arbitrary File Deletion via Symlink Attack

feh < 1.11.2 - Arbitrary File Creation via Symlink Attack on Temporary File

feh < 1.11.2 - Arbitrary File Overwrite via Symlink Attack on Temporary File

PHP < 5.3.4 - Improper Link Resolution in SplFileInfo::getType

Exim <4.72 - Local Privilege Escalation

dpkg < 1.14.31 - Arbitrary File Modification via Symlink Attack in .pc Directory

pimd <2.1.5 - Local Privilege Escalation

CVE-2010-4817 MEDIUM

pithos < 0.3.5 - Arbitrary File Overwrite via Symlink

CVE-2010-3095 MEDIUM

mailscanner <4.79.11-2.1 - Local File Overwrite

CVE-2010-0398 MEDIUM

autokey < 0.61.3 - Arbitrary File Write via Symlink Attack

CVE-2010-2064 HIGH

rpcbind 0.2.0 - Privilege Escalation via Symlink Attack on Temporary Files

Blender <2.63a - Local Privilege Escalation

CVE-2010-4226 HIGH

GNU cpio - Arbitrary File Overwrite via Symlink in RPM Package Archive

libfuse < 2.8.5 - Unauthenticated Arbitrary Filesystem Unmount via Symlink Attack

ocrodjvu 0.4.6-1 - Arbitrary File Modification via Symlink Attack on Temporary Files

gnash 0.8.8 - Arbitrary File Overwrite via Symlink Attack on Temporary Files

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

libsdp < 1.1.104 - Arbitrary File Write via Symlink Attack on /tmp/libsdp.log

OpenFabrics Enterprise Distribution 1.5.2 - Arbitrary File Overwrite via Symlink Attack on Temporary File

phpCAS < 1.1.3 - Arbitrary File Write via Symlink Attack

spice-xpi - Arbitrary File Overwrite via Symlink Attack on Log File

GNU gv < 3.7.0 - Arbitrary File Overwrite via Symlink Attack

libpam-modules <1.1.0-2ubuntu1.1/1.1.1-2ubuntu5 - Privilege Escalation

CUPS < 1.4.4 - Arbitrary File Overwrite via Symlink Attack on Cache Files

pmount 0.9.18 - Arbitrary File Overwrite via Symlink Attack in make_lockdir_name

Previous Page 49 of 62 Next

Details

Vulnerabilities 1,527

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy