Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-09-04 | CVE-2007-4652 | Link Following vulnerability in PHP: The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | 4.4 |
2007-08-31 | CVE-2007-4631 | Link Following vulnerability in Qgit 1.5.62Pre1: The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames. | 6.9 |
2007-08-08 | CVE-2007-4224 | Link Following vulnerability in KDE Konqueror 3.5.7: KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. | 4.3 |
2007-07-15 | CVE-2007-3103 | Link Following vulnerability in multiple products: The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. | 6.2 |
2007-06-01 | CVE-2007-2978 | Link Following vulnerability in Eggblog: Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |
2007-02-21 | CVE-2007-1027 | Link Following vulnerability in IBM DB2 9.0: Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | 4.4 |
2006-11-10 | CVE-2006-5851 | Link Following vulnerability in Openbase International LTD Openbase: openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328. | 2.1 |
2006-04-19 | CVE-2006-1247 | Link Following vulnerability in IBM AIX: rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 3.3 |
2005-12-31 | CVE-2005-3126 | Link Following vulnerability in Antiword 0.32/0.35: The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files. | 1.9 |
2005-12-31 | CVE-2005-2714 | Link Following vulnerability in Apple Mac OS X and Mac OS X Server: passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file. | 6.8 |