Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-02 | CVE-2010-0789 | Link Following vulnerability in Fuse fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. | 3.3 |
2010-03-02 | CVE-2010-0788 | Link Following vulnerability in Ncpfs 2.2.6 ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs. | 4.4 |
2010-02-25 | CVE-2010-0118 | Link Following vulnerability in Becauseinter Bournal Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. | 3.3 |
2009-12-29 | CVE-2009-4454 | Link Following vulnerability in Saini Videocache 1.9.2 vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log. | 3.3 |
2009-12-04 | CVE-2009-3304 | Link Following vulnerability in Gforge 4.5.14/4.7/4.8.2 GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php. | 3.3 |
2009-12-03 | CVE-2009-4193 | Link Following vulnerability in Merkaartor 0.14 Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file. | 3.3 |
2009-11-30 | CVE-2008-7247 | Link Following vulnerability in multiple products sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | 6.0 |
2009-10-23 | CVE-2009-1297 | Link Following vulnerability in multiple products iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. | 4.4 |
2009-09-21 | CVE-2009-2939 | Link Following vulnerability in Postfix 2.5.5 The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. | 6.9 |
2009-07-31 | CVE-2009-1867 | Link Following vulnerability in Adobe Air, Flash Player and Flex Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." | 4.3 |