Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1991 vulnerabilities reference this CWE, most recent first.

GHSA-JX7X-RF3F-J644

Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-02 16:49
VLAI
Summary
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
Details

In Jenkins CloudBees CD Plugin, artifacts that were previously copied from an agent to the controller are deleted after publishing by the 'CloudBees CD - Publish Artifact' post-build step.

CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during this cleanup process.

This allows attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.

CloudBees CD Plugin 1.1.33 deletes symbolic links without following them.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:electricflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46654"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-30T14:57:14Z",
    "nvd_published_at": "2023-10-25T18:17:40Z",
    "severity": "HIGH"
  },
  "details": "In Jenkins CloudBees CD Plugin, artifacts that were previously copied from an agent to the controller are deleted after publishing by the \u0027CloudBees CD - Publish Artifact\u0027 post-build step.\n\nCloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during this cleanup process.\n\nThis allows attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.\n\nCloudBees CD Plugin 1.1.33 deletes symbolic links without following them.",
  "id": "GHSA-jx7x-rf3f-j644",
  "modified": "2023-11-02T16:49:59Z",
  "published": "2023-10-25T18:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46654"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/electricflow-plugin/commit/e45ca8428ae45f45ca07611e802eaa0f1484ab50"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/electricflow-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion"
}

GHSA-JX8M-XM6X-225Q

Vulnerability from github – Published: 2022-04-29 01:26 – Updated: 2024-01-26 18:30
VLAI
Details

cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2003-0578"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-08-18T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.",
  "id": "GHSA-jx8m-xm6x-225q",
  "modified": "2024-01-26T18:30:30Z",
  "published": "2022-04-29T01:26:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0578"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=105839150004682\u0026w=2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JXHX-2GQW-C77X

Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2022-05-24 17:02
VLAI
Details

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3690"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-05T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.",
  "id": "GHSA-jxhx-2gqw-c77x",
  "modified": "2022-05-24T17:02:46Z",
  "published": "2022-05-24T17:02:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3690"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1150734"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JXPQ-C7WX-P6H2

Vulnerability from github – Published: 2022-05-17 03:05 – Updated: 2022-05-17 03:05
VLAI
Details

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-5029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-07-29T14:55:00Z",
    "severity": "LOW"
  },
  "details": "The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.",
  "id": "GHSA-jxpq-c7wx-p6h2",
  "modified": "2022-05-17T03:05:53Z",
  "published": "2022-05-17T03:05:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5029"
    },
    {
      "type": "WEB",
      "url": "https://cups.org/str.php?L4455"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2014-0313.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1388.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60509"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60787"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-2990"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:108"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/07/22/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/07/22/2"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2341-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JXRQ-8FM4-9P58

Vulnerability from github – Published: 2026-03-03 23:09 – Updated: 2026-03-03 23:09
VLAI
Summary
OpenClaw: Zip extraction symlink traversal could write outside destination
Details

Summary

A path confinement bypass in OpenClaw ZIP extraction allowed writes outside the intended destination when a pre-existing symlink was present under the extraction root.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published npm version at triage time: 2026.2.21-2
  • Affected versions: <= 2026.2.21-2
  • Planned patched version for next release: 2026.2.22

Technical Details

The vulnerable path was in src/infra/archive.ts ZIP extraction logic. Output-path checks were lexical, but writes could still traverse an existing symlink in destination path segments.

The fix blocks this by: - rejecting symlink traversal in destination path segments, - validating resolved destination paths remain inside the extraction root, - using no-follow file opens for ZIP output writes where supported, - adding a regression test for pre-seeded destination symlink traversal.

Impact

  • Type: Arbitrary file write outside extraction root via symlink traversal during ZIP extraction.
  • Preconditions: attacker-controlled archive extraction plus pre-existing symlink in destination path.

Fix Commit(s)

  • 4b226b74f5fd3b106a83a6347fd404172e2fd246

Release Process Note

Patched version is pre-set to the planned next release (2026.2.22). Once npm release 2026.2.22 is published, the advisory can be published without further field edits.

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T23:09:31Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nA path confinement bypass in OpenClaw ZIP extraction allowed writes outside the intended destination when a pre-existing symlink was present under the extraction root.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version at triage time: `2026.2.21-2`\n- Affected versions: `\u003c= 2026.2.21-2`\n- Planned patched version for next release: `2026.2.22`\n\n### Technical Details\nThe vulnerable path was in `src/infra/archive.ts` ZIP extraction logic. Output-path checks were lexical, but writes could still traverse an existing symlink in destination path segments.\n\nThe fix blocks this by:\n- rejecting symlink traversal in destination path segments,\n- validating resolved destination paths remain inside the extraction root,\n- using no-follow file opens for ZIP output writes where supported,\n- adding a regression test for pre-seeded destination symlink traversal.\n\n### Impact\n- Type: Arbitrary file write outside extraction root via symlink traversal during ZIP extraction.\n- Preconditions: attacker-controlled archive extraction plus pre-existing symlink in destination path.\n\n### Fix Commit(s)\n- 4b226b74f5fd3b106a83a6347fd404172e2fd246\n\n### Release Process Note\nPatched version is pre-set to the planned next release (`2026.2.22`).\nOnce npm release `2026.2.22` is published, the advisory can be published without further field edits.\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-jxrq-8fm4-9p58",
  "modified": "2026-03-03T23:09:31Z",
  "published": "2026-03-03T23:09:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jxrq-8fm4-9p58"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/4b226b74f5fd3b106a83a6347fd404172e2fd246"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Zip extraction symlink traversal could write outside destination"
}

GHSA-JXVM-52QC-QCP4

Vulnerability from github – Published: 2026-04-29 15:30 – Updated: 2026-06-06 09:31
VLAI
Details

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.

This issue affects Pardus About: before v1.2.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-29T15:16:08Z",
    "severity": "HIGH"
  },
  "details": "Improper link resolution before file access (\u0027link following\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.\n\nThis issue affects Pardus About: before v1.2.1.",
  "id": "GHSA-jxvm-52qc-qcp4",
  "modified": "2026-06-06T09:31:16Z",
  "published": "2026-04-29T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5161"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JXW3-C37C-7RFX

Vulnerability from github – Published: 2023-04-21 21:30 – Updated: 2024-04-04 03:38
VLAI
Details

The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-21T20:15:07Z",
    "severity": "HIGH"
  },
  "details": "The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.",
  "id": "GHSA-jxw3-c37c-7rfx",
  "modified": "2024-04-04T03:38:18Z",
  "published": "2023-04-21T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47505"
    },
    {
      "type": "WEB",
      "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm"
    },
    {
      "type": "WEB",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47505"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M27F-97WM-9GQR

Vulnerability from github – Published: 2026-05-05 15:31 – Updated: 2026-05-05 15:31
VLAI
Details

A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-05T13:16:31Z",
    "severity": "MODERATE"
  },
  "details": "A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks.",
  "id": "GHSA-m27f-97wm-9gqr",
  "modified": "2026-05-05T15:31:36Z",
  "published": "2026-05-05T15:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7832"
    },
    {
      "type": "WEB",
      "url": "https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated%20v2).pdf"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/797630"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/361111"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/361111/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M2G8-2VHM-M4CX

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application's own code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-475",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:28Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application\u0027s own code.",
  "id": "GHSA-m2g8-2vhm-m4cx",
  "modified": "2025-03-20T12:32:43Z",
  "published": "2025-03-20T12:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12390"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/1add2b26-460d-4aa5-8fda-ab045d153177"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M3PV-JRFQ-7XP6

Vulnerability from github – Published: 2024-11-23 03:31 – Updated: 2024-11-23 03:31
VLAI
Details

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23413.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T22:15:17Z",
    "severity": "HIGH"
  },
  "details": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23413.",
  "id": "GHSA-m3pv-jrfq-7xp6",
  "modified": "2024-11-23T03:31:58Z",
  "published": "2024-11-23T03:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7243"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.