Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-6760 1Viart 1Viart Shop Apr 23, 2026 Apr 28, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error me...Show more ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter.Show less
CVE-2008-6759 1Viart 1Viart Shop Apr 23, 2026 Apr 28, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message.
CVE-2009-1253 1James Stone 1Tunapie Apr 23, 2026 Apr 9, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.
CVE-2008-6552 2Fedoraproject Redhat 5Cluster Project CmanFedora+2 more Apr 23, 2026 Mar 30, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs...Show more Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.Show less
CVE-2009-0876 1Sun 1Xvm Virtualbox Apr 23, 2026 Mar 12, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$O...Show more Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.Show less
CVE-2008-6398 1Eric Raymond 1Sng Apr 23, 2026 Mar 4, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files.
CVE-2008-6397 1Alcovebook 1Sgml2x Apr 23, 2026 Mar 4, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2008-4284 1Ibm 1Websphere Application Server Apr 23, 2026 Feb 10, 2009 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redi...Show more Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage feature.Show less
CVE-2009-0473 1Rockwellautomation 1Controllogix 1756 Enbt/a Ethernet/ Ip Bridge Apr 23, 2026 Feb 6, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks...Show more Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.Show less
CVE-2009-0356 1Mozilla 1Firefox Apr 23, 2026 Feb 4, 2009 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execu...Show more Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.Show less
CVE-2009-0416 1Standards Based Linux Instrumentation 1Sblim Sfcb Apr 23, 2026 Feb 3, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/t...Show more The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.Show less
CVE-2008-4990 1Enomaly 1Elastic Computing Platform Apr 23, 2026 Feb 2, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.
CVE-2009-0347 1Autonomy 1Ultraseek Apr 23, 2026 Jan 29, 2009 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
CVE-2009-0321 1Apple 1Safari Apr 23, 2026 Jan 28, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is ei...Show more Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.Show less
CVE-2009-0313 1Kegel 1Winetricks Apr 23, 2026 Jan 28, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file.
CVE-2009-0032 1Apple 1Cups Apr 23, 2026 Jan 27, 2009 N/A· v4 N/A· v3 6.9 MEDIUM· v2 CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary fi...Show more CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.Show less
CVE-1999-1593 1Microsoft 3Windows 2000 Windows 95Windows 98 Apr 23, 2026 Jan 15, 2009 N/A· v4 N/A· v3 7.6 HIGH· v2 Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a m...Show more Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.Show less
CVE-2008-5825 1Nokia 16131 Nfc Apr 23, 2026 Jan 2, 2009 N/A· v4 N/A· v3 2.6 LOW· v2 The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r...Show more The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.Show less
CVE-2008-5746 1Sun 1Snmp Management Agent Apr 23, 2026 Dec 29, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.
CVE-2008-5743 1Pdfjam 1Pdfjam Apr 23, 2026 Dec 26, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.

Previous 1...626364...75 Next