1015 matches found
CVE-2005-0269
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters...
[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation
Summary: xoops 2.0.9.2 and below weak file extension validation Description =========== XOOPS is an extensible, OO Object Oriented, easy to use dynamic web content management system written in PHP. XOOPS is the ideal tool for developing small to large dynamic community websites, intra company...
security flaw
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content...
CVE-2005-0586
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content...
CVE-2004-1404
The CVE-2004-1404 entry concerns the Attachment Mod 2.3.10 module for phpBB when used with Apache mod_mime. The vulnerability arises from improper handling of files with double extensions (e.g., .php.rar), which can enable remote attackers to upload and execute arbitrary code on the server. The p...
CVE-2004-1405
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code...
CVE-2005-0269
The CVE-2005-0269 vulnerability affects GNUBoard versions 3.40 and earlier, where a file extension check only validates lowercase-letter extensions. This allows remote attackers to upload arbitrary files by using file extensions that contain uppercase letters. The root cause is a case-sensitive c...
ArGoSoft FTP Server < 1.4.2.8 Shortcut File Extension Filter Bypass
Binary data 2604.prm...
CVE-2005-0190
CVE-2005-0190 describes a directory-traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier. A Real Metadata Packages (RMP) file with a FILENAME tag containing ".." sequences and ending with a question mark, combined with an allowed extension (e.g., .mp3), bypasses the file-extension...
STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard
STG Security Advisory: SSA-20041224-21 File extensions restriction bypass vulnerability in GNUBoard. Revision 1.0 Date Published: 2004-12-24 KST Last Update: 2005-01-03 Disclosed by SSR Team Summary ======== GNUBoard is one of widely used web BBS applications in Korea...
CVE-2004-1404
Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code...
CVE-2004-1545
UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code...
Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog
Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...
Gadu-Gadu 6.0 - File Download Filename Obfuscation
Gadu-Gadu 6.0 - File Download Filename Obfuscation source: https://www.securityfocus.com/bid/11017/info Gadu-Gadu is a Polish instant messaging application for Microsoft Windows operating systems. It is reported that the Gadu-Gadu instant messenger application contains a weakness allowing attacke...
CVE-2004-0632
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow...
[Full-Disclosure] iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability
Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability iDEFENSE Security Advisory 07.12.04 www.idefense.com/application/poi/display?id=116&type=vulnerabilities July 12, 2004 I. BACKGROUND Adobe Reader is a program used to display Portable Document Format PDF documents. II. DESCRIPTION...
Sun ONE Application Server 7.0 - Source Disclosure
source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead ser...
WinRAR 2.90/3.0/3.10 - Archive File Extension Buffer Overrun
source: https://www.securityfocus.com/bid/6664/info A vulnerability has been discovered in WinRAR. The problem occurs when the affected application opens an archive containing a file with an overly long file extension. It has been reported that it is possible for an attacker to exploit this issue...