Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,532 vulnerabilities with CWE-59

wmFrog weather monitor <0.2.0 - Local Privilege Escalation

CVE-2004-1603 MEDIUM

cPanel 9.4.1-RELEASE-64 - Arbitrary File Read and Chown via Hard Link Following

CVE-2004-0689 HIGH

KDE < 3.3.0 - Arbitrary File Creation or Truncation via Stale Symbolic Link Handling

CVE-2004-0217 HIGH

Symantec AntiVirus Scan Engine 4.0 and 4.3 - Arbitrary File Write via Symlink Attack on LiveUpdate.log

CVE-2003-1233 CRITICAL

Pedestal Software Integrity Protection Driver < 1.3 - Privileged File Access Restriction Bypass via Symbolic Link

Firefox - Cookie Information Disclosure via Extra Dot in Domain

Fujitsu Siemens NetWorker 6.0 - Arbitrary File Overwrite via Symlink Attack on nsrsh Temporary File

CVE-2003-0844 HIGH

mod_gzip <1.3.26.1a - Local File Overwrite

CVE-2003-0517 MEDIUM

mgetty <1.1.28 - Local File Overwrite

CVE-2003-0578 HIGH

IBM U2 UniVerse <10.0.0.9 - Privilege Escalation

CVE-2002-2323 HIGH

Sun PC NetLink 1.0-1.2 - Improper Preservation of Permissions via Symbolic Link Handling

Sun PatchPro 2.0 - Race Condition via Unsafe Temporary File Handling

CVSup 1.2 - Arbitrary File Write via Symlink Attack on /var/tmp/cvsupd.out

CVE-2002-0725 MEDIUM

Windows NT 4.0 and Windows 2000 SP2 - Audit Trail Bypass via NTFS Hard Link

CVE-2002-0793 MEDIUM

QNX Neutrino Real-Time Operating System - Arbitrary File Overwrite via Hard Link Following

Freebsd Point-to-point Protocol Daemon - Symlink Following

a2ps <4.14 - Local Privilege Escalation

CVE-2001-1494 MEDIUM

util-linux <2.11 - Local Privilege Escalation

fetchmail <5.7.4 - Local Privilege Escalation

CVE-2001-1042 HIGH

Transsoft Broker FTP Server 5.9.5.0 - Arbitrary File Read via .lnk File Upload

CVE-2001-1043 HIGH

ArGoSoft FTP Server 1.2.2.2 - Arbitrary File Read via .lnk File Upload

CVE-2001-1386 HIGH

WFTPD 3.00 - Unauthenticated Arbitrary File Read via .lnk. Extension Bypass

Apache HTTP Server - Arbitrary File Overwrite via Symlink Attack

CVE-2000-1178 MEDIUM

Joe - Symbolic Link Following in Rescue Copy Creation

CVE-2000-0972 MEDIUM

HP-UX 11.00 - Arbitrary File Read via crontab Symlink Attack

Previous Page 61 of 62 Next

Details

Vulnerabilities 1,532

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy