Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-5742 1Netcat 1Netcat Apr 23, 2026 Dec 26, 2008 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to mod...Show more Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure.Show less
CVE-2008-5706 1Verlihub Project 1Verlihub Apr 23, 2026 Dec 22, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp tempo...Show more The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.Show less
CVE-2008-5704 1Gpsdrive 1Gpsdrive Apr 23, 2026 Dec 22, 2008 N/A· v4 N/A· v3 7.6 HIGH· v2 src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-...Show more src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.Show less
CVE-2008-5703 1Gpsdrive 1Gpsdrive Apr 23, 2026 Dec 22, 2008 N/A· v4 N/A· v3 6.2 MEDIUM· v2 gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2)...Show more gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380.Show less
CVE-2008-5394 1Debian 1Shadow Apr 23, 2026 Dec 9, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (...Show more /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.Show less
CVE-2008-5380 1Gpsdrive 1Gpsdrive Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####., or a (d) /tmp/geo. temporary file, rel...Show more gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####., or a (d) /tmp/geo. temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.Show less
CVE-2008-5379 1Oliver Gorwits 1Netdisco Mibs Installer Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-downloa...Show more netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts.Show less
CVE-2008-5378 1Lehrstuhl Fur Mikrobiologie 1Arb Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids__ temporary file.
CVE-2008-5377 1Apple 1Cups Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
CVE-2008-5376 1Crip 1Crip Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.
CVE-2008-5375 1Cmus 1Cmus Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.
CVE-2008-5374 1Matthias Klose 1Bash Doc Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
CVE-2008-5373 1Bacula 1Bacula Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
CVE-2008-5372 1Jonas Smedegaard 1Sdm Terminal Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file.
CVE-2008-5371 1Marc Gloor 1Screenie Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.
CVE-2008-5370 1Pvpgn 1Pvpgn Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.
CVE-2008-5369 1No Ip 1No Ip2 Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file.
CVE-2008-5368 1Lukas Ruf 1Muttprint Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file.
CVE-2008-5367 1Marco D'itri 1Ppp Udeb Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.
CVE-2008-5366 1Marco D'itri 1Ppp Apr 23, 2026 Dec 8, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.

Previous 1...636465...75 Next