970 matches found

Exploit DB
added 2006/12/16 12:0 a.m., 30 views

eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion

source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. By combining thi...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2006/05/13 12:0 a.m., 30 views

Ubuntu 5.04 / 5.10 : tiff vulnerabilities (USN-277-1)

Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking a user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary...

CVSS 6.5, AI score 6, EPSS 0.10524
Exploits: 3, References: 4

NVD
added 2006/05/12 12:2 a.m., 15 views

CVE-2006-2330

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...

CVSS 6.4, AI score 6.7, EPSS 0.07835
Exploits: 1, References: 8

Check Point Advisories
added 2006/04/27 12:0 a.m., 2 views

Update Protection against Oracle Reports Arbitrary File Reading Vulnerability

Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server...

CVSS 5, AI score 6.4, EPSS 0.09108
Exploits: 1

UbuntuCve
added 2005/08/16 12:0 a.m., 19 views

CVE-2005-2097

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information...

CVSS 2.1, AI score 5.9, EPSS 0.00429
Exploits: 0, References: 2

NVD
added 2005/05/02 4:0 a.m., 11 views

CVE-2005-0200

TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386...

CVSS 7.5, AI score 7.2, EPSS 0.02447
Exploits: 0, References: 3

exploitpack
added 2005/04/12 12:0 a.m., 24 views

Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal

Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This...

Exploits: 0

exploitpack
added 2004/06/01 12:0 a.m., 13 views

PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass

PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass source: https://www.securityfocus.com/bid/10447/info PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue wi...

AI score 0.1
Exploits: 0

CERT
added 2003/01/22 12:0 a.m., 29 views

Sun KCMS library service daemon does not adequately validate location of KCMS profiles

Overview: The Sun KCMS library service daemon, kcmsserver, does not adequately validate the location of KCMS profile files. This could allow a remote attacker to read arbitrary files on a vulnerable system. Description: Sun Solaris contains support for the Kodak Color Management System (KCMS), an...

CVSS 5, AI score 6.4, EPSS 0.25724
Exploits: 2, References: 4

exploitpack
added 2002/10/09 12:0 a.m., 9 views

VBZoom 1.0 - Arbitrary File Upload

VBZoom 1.0 - Arbitrary File Upload source: https://www.securityfocus.com/bid/5926/info It has been reported that VBZoom 1.01 may allow attackers to upload arbitrary files to a vulnerable system. The vulnerability is the result of VBZoom failing to properly validate the types of files that are...

AI score 0.2
Exploits: 0