Lucene search
K

2205 matches found

CERT
CERT
added 2001/11/28 12:0 a.m.59 views

WU-FTPD does not properly handle file name globbing

Overview SecurityFocus and CORE Security Technologies have reported a vulnerability in WU-FTPD. WU-FTPD does not handle file name globbing properly and may allow an attacker to execute arbitrary code. WU-FTPD is a widely-used FTP daemon that is included in many UNIX and Linux distributions. This...

7.5CVSS9.9AI score0.74762EPSS
Exploits3References7
NVD
NVD
added 2001/11/26 5:0 a.m.20 views

CVE-2001-0875

Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download...

7.5CVSS6.5AI score0.2806EPSS
Exploits1References5
NVD
NVD
added 2001/06/27 4:0 a.m.15 views

CVE-2001-0449

Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option...

4.6CVSS7.7AI score0.00419EPSS
Exploits0References2
securityvulns
securityvulns
added 2001/03/22 12:0 a.m.36 views

Дырка в fcheck (input validation)

При вызове внешней программы с именем файла не проверяется наличией shell-символов в имени файла...

1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/03/03 12:0 a.m.96 views

Дырка в WinZip (zipandemail)

Переполнение буфера при длинном имени файла при исопльзовании опции /zipandemail...

0.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/11/29 12:0 a.m.31 views

Дырка в 24Link Webserver (avoid password protection )

Добавление спец символов к имени файла позволяет обойти защиту файла паролем...

1.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.83 views

[Update] NSFOCUS SA2000-07: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability

NSFOCUS Security AdvisorySA2000-07 Topic: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability Release DateЈє Nov 7th, 2000 Update DateЈє Nov 23rd, 2000 CVE Candidate Numbers: CAN-2000-0886 BUGTRAQ ID : 1912 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Impact:...

7.5CVSS0.2AI score0.68742EPSS
Exploits0
NVD
NVD
added 2000/10/20 4:0 a.m.19 views

CVE-2000-0750

Buffer overflow in mopd Maintenance Operations Protocol loader daemon allows remote attackers to execute arbitrary commands via a long file name...

7.5CVSS7.8AI score0.02331EPSS
Exploits0References6
CVE
CVE
added 2000/10/13 4:0 a.m.63 views

CVE-2000-0481

CVE-2000-0481 describes a buffer overflow in KDE Kmail triggered by an attachment with a long file name, allowing a remote attacker to cause a denial of service. The NVD entry lists a Network-attack vector, low complexity, no authentication, with Availability impact described as Partial. The CVSS...

5CVSS7.2AI score0.01876EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.19 views

CVE-2000-0587

The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability...

6.7AI score0.04162EPSS
Exploits0References3
CVE
CVE
added 2000/10/13 4:0 a.m.53 views

CVE-2000-0587

The CVE-2000-0587 entry concerns glftpd 1.18, where the privpath directive permits remote attackers to bypass directory access restrictions by abusing filename completion. This constitutes a vulnerability in the directory traversal/access-control mechanism, allowing authorized-appearing access to...

10CVSS7.1AI score0.04162EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.24 views

CVE-2000-0481

Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name...

6.8AI score0.01876EPSS
Exploits0References3
securityvulns
securityvulns
added 2000/08/08 12:0 a.m.20 views

Переполнение буфера в mopd

Переполнение буфера при длинном имени файла, несколько ошибок форматной строки...

0.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/07/27 12:0 a.m.32 views

Дырка в AnalogX Simple Server

Запрос к длинному имени файла в каталоге cgi-bin приводит к краху сервера...

0.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/07/14 12:0 a.m.35 views

Еще одна дырка в BigBrother

В отдельных случаев на проверяется наличие shell-символов в имени файла, что позволяет выполнить приложение...

0.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/07/11 12:0 a.m.24 views

Дырка в tnef

При извлечении данных из MS-TNEF-файлов не проверяется наличие служебных символов в имени файла, что позволяет переписать любой файл, принадлежащий пользователю...

0.6AI score
Exploits0References1
Packet Storm
Packet Storm
added 2000/06/21 12:0 a.m.35 views

fbi-aim-dos.txt

FROM THE OFFICES OF: | | | \ | | | | | | | | | |/ / | | | | | | | | / \ / | / | '| | || ' | / \ | | |/ |/ \ ' \ / / \ | || | | |/ / | | | | || | | | || / | | | | | / | | | | / | / // ,|| /| ||\||||, ||| ||\| / | |/ AOL Instant Messenger DoS Denial of Service exploit. Website:...

7.4AI score
Exploits0
CVE
CVE
added 2000/06/15 4:0 a.m.53 views

CVE-2000-0415

Outlook Express 4.x is affected by a buffer overflow triggered by mail/news messages with a .jpg or .bmp attachment having a long filename. The vulnerability is reported to allow denial of service. The connected documents corroborate the issue as described for Outlook Express 4.x; no specific exp...

5CVSS7.1AI score0.06057EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2000/05/12 4:0 a.m.18 views

CVE-2000-0415

Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name...

5CVSS6.8AI score0.06057EPSS
Exploits0References2
Cvelist
Cvelist
added 2000/04/25 4:0 a.m.37 views

CVE-1999-0997

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress...

6.6AI score0.06224EPSS
Exploits0References1
Rows per page
Query Builder