Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-5141 1Dann Frazier 1Flamethrower Apr 23, 2026 Nov 18, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.
CVE-2008-5140 1Debian 1Mailscanner Apr 23, 2026 Nov 18, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
CVE-2008-5139 1Javier Fernandez 1Jailer Apr 23, 2026 Nov 18, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.
CVE-2008-5138 1Bkleineidam 1Libpam Mount Apr 23, 2026 Nov 18, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.
CVE-2008-5137 1Tkman 1Tkman Apr 23, 2026 Nov 18, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.
CVE-2008-5136 1Ldrolez 1Tkusr Apr 23, 2026 Nov 18, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.
CVE-2008-5135 1Debian 1Os Prober Apr 23, 2026 Nov 18, 2008 N/A· v4 N/A· v3 6.2 MEDIUM· v2 os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the inse...Show more os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users.Show less
CVE-2008-4832 1Rpath 1Initscripts Apr 23, 2026 Nov 17, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a rac...Show more rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.Show less
CVE-2008-5034 1A Mennucc1 1Printfilters Ppd Apr 23, 2026 Nov 10, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package do...Show more master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'Show less
CVE-2008-5007 1Lazarus 1Lazarus Apr 23, 2026 Nov 10, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.
CVE-2008-4998 1Twiki 1Twiki Apr 23, 2026 Nov 7, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid.
CVE-2008-4997 1Pilot Qof 1Datafreedom Perl Apr 23, 2026 Nov 7, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is so...Show more dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage.Show less
CVE-2008-4996 1Debian 1Initramfs Tools Apr 23, 2026 Nov 7, 2008 N/A· v4 5.5 MEDIUM· v3 6.9 MEDIUM· v2 init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in...Show more init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable.Show less
CVE-2008-4995 1Jose M.vidal 1Bk2site Apr 23, 2026 Nov 7, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by defa...Show more redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default.Show less
CVE-2008-4994 1Ti Kan 1Xmcd Apr 23, 2026 Nov 7, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.*pid temporary file.
CVE-2008-4993 1Xen 1Xen Apr 23, 2026 Nov 7, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
CVE-2008-4988 1Lars Bahner 1Xcal Apr 23, 2026 Nov 6, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.
CVE-2008-4987 1Xastir 1Xastir Apr 23, 2026 Nov 6, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get...Show more xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.Show less
CVE-2008-4986 1Georges Khaznadar 1Wims Apr 23, 2026 Nov 6, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.
CVE-2008-4985 1Cadsoft 1Vdr Apr 23, 2026 Nov 6, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file.

Previous 1...656667...75 Next