CWE-59
Medium likelihood
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1,532 vulnerabilities with CWE-59
CVE-2008-3791
GPicView 0.1.9 - Local Privilege Escalation
CVE-2008-3883
Caudium 1.4.12 - Local Privilege Escalation
CVE-2008-3699
Amarok <1.4.10 - Local File Overwrite
CVE-2008-3456
phpMyAdmin < 2.11.8 - Cross-Site Framing
CVE-2008-3329
Links < 2.1 - Unauthenticated Arbitrary File Access via URL Handling
CVE-2008-3261
Claroline < 1.8.10 - Open Redirect via URL Parameter
CVE-2008-3216
projectl <1.001 - Local Info Disclosure
CVE-2008-3227
Joomla! < 1.5.4 - Open Redirect via User Redirect Spam Fix
CVE-2008-2311
Apple Mac OS X - Remote Code Execution via Symlink Race Condition
CVE-2008-2389
openSUSE 10.2 - Arbitrary File Access via Symlink Attack
CVE-2008-0167
GForge - Unspecified Impact via Configuration File Truncation
CVE-2008-2266
nzbget < 0.3.0 - Arbitrary File Overwrite via Symlink Attack on Temporary Filename
CVE-2008-1103
Blender - Unspecified Temporary File Vulnerability
CVE-2008-1694
Emacs 20.7-22.1.50 - Local File Overwrite
CVE-2008-1901
apltinex <0.91 - Local Info Disclosure
CVE-2008-1832
Cecilia 2.0.5 - Local Privilege Escalation
CVE-2008-1684
Solaris 10 - Arbitrary File Write via Symlink Attack on Debug Log
CVE-2008-1569
policyd-weight <0.1.14.16 - Local File Modification
CVE-2008-1241
Mozilla Firefox <2.0.0.13 & SeaMonkey <1.1.9 - XSS
CVE-2008-1417
axyl 2.1.7 - Arbitrary File Overwrite via Symlink Attack on axyl.conf Temporary File
CVE-2008-1199
Dovecot - Symlink Attack via mail_extra_groups Configuration
CVE-2008-0883
Adobe Acrobat Reader 8.1.2 - Arbitrary File Overwrite via Symlink Attack on SSL Certificate Temporary Files
CVE-2008-0930
XWine 1.0.1 - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-1078
Gentoo and rPath Linux - Arbitrary File Overwrite via Symlink Attack on expn Temporary File
CVE-2008-0870
BEA WebLogic Portal 9.2-10.0 - Session Hijacking via HTTPS to HTTP Redirect