Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-0156 1Puppet 1Puppet Apr 29, 2026 Mar 3, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.a...Show more Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.Show less
CVE-2010-0789 1Fuse 1Fuse Apr 29, 2026 Mar 2, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.
CVE-2010-0788 1Ncpfs 1Ncpfs Apr 29, 2026 Mar 2, 2010 N/A· v4 N/A· v3 4.4 MEDIUM· v2 ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.
CVE-2010-0787 1Samba 1Samba Apr 29, 2026 Mar 2, 2010 N/A· v4 N/A· v3 4.4 MEDIUM· v2 client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mo...Show more client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.Show less
CVE-2010-0424 2Fedorahosted Paul Vixie 2Cronie Vixie Cron Apr 29, 2026 Feb 25, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a syml...Show more The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.Show less
CVE-2010-0118 1Becauseinter 1Bournal Apr 29, 2026 Feb 25, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check.
CVE-2009-4454 1Saini 1Videocache Apr 23, 2026 Dec 29, 2009 N/A· v4 N/A· v3 3.3 LOW· v2 vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log.
CVE-2009-4135 3Canonical FedoraprojectGnu 3Coreutils FedoraUbuntu Linux Apr 23, 2026 Dec 11, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
CVE-2009-3304 1Gforge 1Gforge Apr 23, 2026 Dec 4, 2009 N/A· v4 N/A· v3 3.3 LOW· v2 GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron...Show more GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php.Show less
CVE-2009-4193 1Merkaartor 1Merkaartor Apr 23, 2026 Dec 3, 2009 N/A· v4 N/A· v3 3.3 LOW· v2 Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.
CVE-2009-4030 2Mysql Oracle 2Mysql Mysql Apr 23, 2026 Nov 30, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated w...Show more MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.Show less
CVE-2008-7247 2Mysql Oracle 2Mysql Mysql Apr 23, 2026 Nov 30, 2009 N/A· v4 N/A· v3 6.0 MEDIUM· v2 sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass int...Show more sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.Show less
CVE-2009-1297 2Novell Opensuse 2Opensuse Suse Linux Apr 23, 2026 Oct 23, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unsp...Show more iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.Show less
CVE-2009-2939 1Postfix 1Postfix Apr 23, 2026 Sep 21, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite...Show more The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.Show less
CVE-2009-1867 1Adobe 3Air Flash PlayerFlex Apr 23, 2026 Jul 31, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability....Show more Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."Show less
CVE-2009-1893 2Isc Redhat 2Dhcp Enterprise Linux Apr 23, 2026 Jul 17, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related...Show more The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.Show less
CVE-2009-1962 2Debian Xfig 2Debian Linux Xfig Apr 23, 2026 Jun 8, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfi...Show more Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.Show less
CVE-2009-1753 1Emn 1Coccinelle Apr 23, 2026 May 22, 2009 N/A· v4 N/A· v3 3.3 LOW· v2 Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."
CVE-2009-1526 1Directadmin 1Directadmin Dec 16, 2025 May 5, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PA...Show more JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.Show less
CVE-2008-6762 1Wordpress 1Wordpress Apr 23, 2026 Apr 28, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.

Previous 1...616263...75 Next