CWE-59

1,500 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Redhat
Products (1): Cman
Apr 23, 2026
Sep 29, 2008
N/A· v4
N/A· v3
6.9 MEDIUM· v2
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
Vendors (1): Redhat
Products (2): Fedora, Initscripts
Apr 23, 2026
Sep 29, 2008
N/A· v4
N/A· v3
4.7 MEDIUM· v2
rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.
Vendors (1): Emacspeak Inc
Products (1): Emacspeak
Apr 23, 2026
Sep 24, 2008
N/A· v4
N/A· v3
6.6 MEDIUM· v2
extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.
Vendors (2): Openswan, Xelerance
Products (2): Openswan, Openswan
Apr 23, 2026
Sep 24, 2008
N/A· v4
N/A· v3
4.4 MEDIUM· v2
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
Vendors (1): Nooms
Products (1): Nooms
Apr 23, 2026
Sep 22, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter.
Vendors (1): Python Software Foundation
Products (1): Python
Apr 23, 2026
Sep 18, 2008
N/A· v4
N/A· v3
7.2 HIGH· v2
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
Vendors (1): Joomla
Products (1): Joomla
Apr 23, 2026
Sep 18, 2008
N/A· v4
N/A· v3
5.8 MEDIUM· v2
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
Vendors (4): Canonical, Debian, Mysql, +1 more
Products (4): Debian Linux, Mysql, Mysql, +1 more
Apr 23, 2026
Sep 18, 2008
N/A· v4
N/A· v3
4.6 MEDIUM· v2
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
Vendors (1): Stephenjungels
Products (1): Plait
Apr 23, 2026
Sep 15, 2008
N/A· v4
N/A· v3
4.4 MEDIUM· v2
plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.
Vendors (1): Hp
Products (1): Openvms
Apr 23, 2026
Sep 5, 2008
N/A· v4
N/A· v3
4.9 MEDIUM· v2
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.
Vendors (1): R Foundation
Products (1): R
Apr 23, 2026
Sep 4, 2008
N/A· v4
N/A· v3
6.9 MEDIUM· v2
javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Vendors (1): Debian
Products (1): Citadel Server
Apr 23, 2026
Sep 4, 2008
N/A· v4
N/A· v3
6.9 MEDIUM· v2
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Vendors (1): Ampache
Products (1): Ampache
Apr 23, 2026
Sep 4, 2008
N/A· v4
N/A· v3
7.2 HIGH· v2
gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
Vendors (1): Debian
Products (1): Honeyd Common
Apr 23, 2026
Sep 4, 2008
N/A· v4
N/A· v3
6.9 MEDIUM· v2
test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.
Vendors (1): Tiger
Products (1): Tiger
Apr 23, 2026
Sep 4, 2008
N/A· v4
N/A· v3
7.2 HIGH· v2
genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files.
Vendors (1): Lxde
Products (1): Lightweight X11 Desktop Environment
Apr 23, 2026
Sep 3, 2008
N/A· v4
N/A· v3
4.6 MEDIUM· v2
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file.
Vendors (1): Caudium
Products (1): Caudium
Apr 23, 2026
Sep 2, 2008
N/A· v4
N/A· v3
7.2 HIGH· v2
configvar in Caudium 1.4.12 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/roken#####.pike temporary file.
Vendors (1): Amarok
Products (1): Amarok
Apr 23, 2026
Aug 14, 2008
N/A· v4
N/A· v3
3.3 LOW· v2
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
Vendors (1): Phpmyadmin
Products (1): Phpmyadmin
Apr 23, 2026
Aug 4, 2008
N/A· v4
N/A· v3
6.4 MEDIUM· v2
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
Vendors (1): Twibright
Products (1): Links
Apr 23, 2026
Jul 27, 2008
N/A· v4
N/A· v3
9.3 HIGH· v2
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."