DEBIAN-CVE-2012-0808
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...
CVE-2012-0808
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...
Code injection
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...
Internet Explorer vulnerable to cross-site scripting
Overview: Internet Explorer contains a cross-site scripting vulnerability. Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
JVN#26408023: Internet Explorer vulnerable to cross-site scripting
Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Impact: An arbitrary script may be executed on the user's web browser when the setting for "Use folder view for FTP sites" is turned off. Note that this setting is turned on by default...
logwatch: Privilege escalation due to improper sanitization of special characters in log file names
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server...
Debian Security Advisory DSA 2147-1 (pimd)
The remote host is missing an update to pimd announced via advisory DSA 2147-1. OpenVAS Vulnerability Test $Id: deb21471.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2147-1 pimd. Authors: Thomas Reinke. Copyright: Copyright (c) 2011 E-Soft Inc...
OllyDbg 2.01 Alpha 2 Tool New Version Download !
"OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable." Version 2.01 alpha 2 is an intermediate functional release with many new useful features. The most important novelt...
CVE-2010-3764
**Affected software/versions:** Bugzilla 2.12–3.2.8, 3.4.8, 3.6.2, 3.7.3, 4.1. **Root cause / vulnerability:** Old Charts implementation creates graph files in graphs/ with predictable names, enabling remote attackers to retrieve sensitive information via a modified URL. **Impact:** Unauthorized disc...
FTPGetter FTP Client Directory Traversal Vulnerability
This host is installed with FTPGetter FTP Client and is prone to a directory traversal vulnerability. OpenVAS Vulnerability Test $Id: secpodftpgetterftpclientdirtraversalvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ FTPGetter FTP Client Directory Traversal Vulnerability. Authors: Antu Sanadi. Copyrigh...
[SECURITY] [DSA 2088-1] New wget packages fix potential code execution
Debian Security Advisory DSA-2088-1 [email protected] http://www.debian.org/security/ Florian Weimer August 05, 2010 http://www.debian.org/security/faq ...
DEBIAN-CVE-2010-2539
Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files...
Stack overflow
Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions before 3.2.21, allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile...
Trojan Disguised as Facebook Toolbar Email
A fake Facebook toolbar email hides a piece of Trojan Horse malware. Researchers warn to look at the file names for suspicious activity. Read the full article. Help Net Security...
WinMount buffer overflow
Buffer overflow on oversized file names inside archive...
Debian DSA-1979-1 : lintian - multiple vulnerabilities
Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: CVE-2009-4013: missing control files sanitation. Control field names and values were not sanitised before using...
Debian DSA-1967-1 : transmission - directory traversal
Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol, performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is...
[Backports-security-announce] Security update for transmission
Leo Costela and Josselin Mouette uploaded new packages for transmission which fixed the following security problem: CVE-2010-0012, DSA-1967-1. Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol, performs insufficient sanitizing of file names...