Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-4941 1Arb Project 1Arb Common Apr 23, 2026 Nov 5, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_, (b) /tmp/arb_pids_, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to th...Show more arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_, (b) /tmp/arb_pids_, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to the (1) arb_fastdnaml and (2) dszmconnect.pl scripts.Show less
CVE-2008-4940 1Aptoncd 1Aptoncd Apr 23, 2026 Nov 5, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file.
CVE-2008-4939 1Apertium 1Apertium Apr 23, 2026 Nov 5, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f...Show more apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.Show less
CVE-2008-4938 1Aegis 2Aegis Aegis Web Apr 23, 2026 Nov 5, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/a...Show more aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts.Show less
CVE-2008-4937 1Openoffice 1Openoffice.org Apr 23, 2026 Nov 5, 2008 N/A· v4 N/A· v3 2.6 LOW· v2 senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.
CVE-2008-4936 1Gert Doering 1Mgetty Apr 23, 2026 Nov 5, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
CVE-2008-4935 1Amiga 1Aview Apr 23, 2026 Nov 5, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.
CVE-2008-4908 1Crossfire 1Crossfire Apr 23, 2026 Nov 4, 2008 N/A· v4 N/A· v3 3.3 LOW· v2 maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-4694 1Opera 1Opera Browser Apr 23, 2026 Oct 23, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.
CVE-2008-4639 1Sentex 1Jhead Apr 23, 2026 Oct 21, 2008 N/A· v4 N/A· v3 4.6 MEDIUM· v2 jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2008-4580 1Gentoo 2Cman Fence Apr 23, 2026 Oct 15, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
CVE-2008-4579 1Gentoo 2Cman Fence Apr 23, 2026 Oct 15, 2008 N/A· v4 N/A· v3 1.9 LOW· v2 The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog t...Show more The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.Show less
CVE-2008-4553 1Qemu 1Qemu Apr 23, 2026 Oct 15, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.
CVE-2008-4477 1Jim Trocki 1Mon Apr 23, 2026 Oct 8, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.
CVE-2008-4476 1Sympa 1Sympa Apr 23, 2026 Oct 7, 2008 N/A· v4 N/A· v3 6.9 MEDIUM· v2 sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function,...Show more sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.Show less
CVE-2008-4475 1Gnu 1Ibackup Apr 23, 2026 Oct 7, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2008-4474 1Freeradius 1Freeradius Apr 23, 2026 Oct 7, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) t...Show more freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.Show less
CVE-2008-4440 1Debian 1Feta Apr 23, 2026 Oct 3, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.
CVE-2008-4406 1Debian 1Xsabre Apr 23, 2026 Oct 3, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.
CVE-2008-3521 1Jasper Project 1Jasper Apr 23, 2026 Oct 2, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file,...Show more Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally reported as a symlink issue, but this was incorrect. NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.Show less

Previous 1...686970...75 Next