Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-2533 1Freedesktop 1Dbus Apr 29, 2026 Jun 22, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
CVE-2011-2473 1Maynard Johnson 1Oprofile Apr 29, 2026 Jun 9, 2011 N/A· v4 N/A· v3 6.3 MEDIUM· v2 The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the o...Show more The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.Show less
CVE-2011-1920 2Ihji Netbsd 2Netbsd Pmake Apr 29, 2026 May 23, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib....Show more The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.Show less
CVE-2011-0012 1Redhat 1Spice Xpi Apr 29, 2026 Apr 18, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
CVE-2011-0461 1Opensuse 1Opensuse Apr 29, 2026 Apr 4, 2011 N/A· v4 N/A· v3 6.3 MEDIUM· v2 /etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.
CVE-2011-0727 1Gnome 1Gdm Apr 29, 2026 Mar 31, 2011 N/A· v4 N/A· v3 6.9 MEDIUM· v2 GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
CVE-2011-0441 1Php 1Php Apr 29, 2026 Mar 29, 2011 N/A· v4 N/A· v3 6.3 MEDIUM· v2 The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.
CVE-2011-1073 2Apple Freebsd 2Freebsd Mac Os X Apr 29, 2026 Mar 4, 2011 N/A· v4 N/A· v3 1.9 LOW· v2 crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum compar...Show more crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.Show less
CVE-2011-1144 1Php 1Pear Apr 29, 2026 Mar 3, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-downlo...Show more The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.Show less
CVE-2011-1072 1Php 1Pear Apr 29, 2026 Mar 3, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download di...Show more The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.Show less
CVE-2011-1004 1Ruby Lang 1Ruby Apr 29, 2026 Mar 2, 2011 N/A· v4 N/A· v3 6.3 MEDIUM· v2 The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via...Show more The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.Show less
CVE-2011-1031 1Feh Project 1Feh Apr 29, 2026 Feb 14, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
CVE-2011-0702 1Feh Project 1Feh Apr 29, 2026 Feb 14, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
CVE-2011-0754 1Php 1Php Apr 29, 2026 Feb 2, 2011 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks...Show more The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.Show less
CVE-2011-0017 1Exim 1Exim Apr 29, 2026 Feb 2, 2011 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
CVE-2010-3879 1Libfuse Project 1Libfuse Apr 29, 2026 Jan 22, 2011 N/A· v4 N/A· v3 5.8 MEDIUM· v2 FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE file...Show more FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.Show less
CVE-2010-4338 1Jwilk 1Ocrodjvu Apr 29, 2026 Jan 20, 2011 N/A· v4 N/A· v3 6.2 MEDIUM· v2 ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.
CVE-2010-4337 1Gnu 1Gnash Apr 29, 2026 Jan 14, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recomm...Show more The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.Show less
CVE-2011-0402 1Debian 1Dpkg Apr 29, 2026 Jan 11, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
CVE-2011-0007 1Troglobit 1Pimd Apr 29, 2026 Jan 11, 2011 N/A· v4 N/A· v3 3.3 LOW· v2 pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.

Previous 1...596061...75 Next