Lucene search

407 matches found

CVE
added 2005/07/28 4:0 a.m., 55 views

CVE-2005-2405

Opera 8.01 is affected when Arial Unicode MS (ARIALUNI.TTF) is installed: extended ASCII in the file-download dialog can be spoofed, potentially leading users to execute arbitrary code. The issue is documented in CVE-2005-2405; OpenVAS notes vulnerability in Opera

CVSS: 5, AI score: 6.9, EPSS: 0.02779
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2005/06/21 4:0 a.m., 21 views

CVE-2002-1745

Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files...

AI score: 7.5, EPSS: 0.17663
Exploits: 0, References: 3
CVE
added 2005/06/14 4:0 a.m., 52 views

CVE-2005-1723

CVE-2005-1723 affects Apple Mac OS X 10.4.x up to 10.4.1, specifically the LaunchServices component. The flaw is that file extensions and MIME types are not marked as unsafe when an Apple Uniform Type Identifier (UTI) is not created for a type added to the unsafe types database, which could allow...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01091
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2005/06/08 4:0 a.m., 17 views

CVE-2005-1723

LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01091
Exploits: 0, References: 2
Cvelist
added 2005/05/25 4:0 a.m., 29 views

CVE-2005-1678

Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code...

AI score: 6.6, EPSS: 0.01639
Exploits: 0, References: 3
NVD
added 2005/05/20 4:0 a.m., 22 views

CVE-2005-1678

Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code...

CVSS: 2.6, AI score: 6.6, EPSS: 0.01639
Exploits: 0, References: 3
UbuntuCve
added 2005/05/02 4:0 a.m., 27 views

CVE-2005-0586

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content...

CVSS: 2.6, AI score: 5.9, EPSS: 0.00985
Exploits: 0, References: 2
NVD
added 2005/05/02 4:0 a.m., 17 views

CVE-2005-0743

The custom avatar uploading feature uploader.php for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered...

CVSS: 7.5, AI score: 7, EPSS: 0.01549
Exploits: 0, References: 5
CVE
added 2005/02/28 5:0 a.m., 85 views

CVE-2005-0586

CVE-2005-0586 affects Firefox < 1.0.1 and Mozilla

CVSS: 2.6, AI score: 6.2, EPSS: 0.00985
Exploits: 0, References: 8, Affected Software: 2
Tenable Nessus
added 2005/02/16 12:0 a.m., 27 views

GLSA-200502-21 : lighttpd: Script source disclosure

The remote host is affected by the vulnerability described in GLSA-200502-21 (lighttpd: Script source disclosure). lighttpd uses file extensions to determine which elements are programs that should be executed and which are static pages that should be sent as-is. By appending %00 to the filename, yo...

CVSS: 5, AI score: 5.6, EPSS: 0.01716
Exploits: 0, References: 3
NVD
added 2004/12/31 5:0 a.m., 16 views

CVE-2004-1405

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code...

CVSS: 7.5, AI score: 7.4, EPSS: 0.05154
Exploits: 1, References: 4
securityvulns
added 2004/12/27 12:0 a.m., 39 views

[SA13657] e107 Image Manager File Upload Vulnerability

TITLE: e107 Image Manager File Upload Vulnerability SECUNIA ADVISORY ID: SA13657 VERIFY ADVISORY: http://secunia.com/advisories/13657/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: e107 0.x http://secunia.com/product/1927/ DESCRIPTION: sysbug has reported a...

AI score: 0.1
Exploits: 0
securityvulns
added 2004/12/21 12:0 a.m., 48 views

Crystal FTP Pro buffer overflow

Buffer overflow on oversized file extension in directory listing...

AI score: 4
Exploits: 0, References: 1, Affected Software: 1
FreeBSD
added 2004/08/02 12:0 a.m., 7 views

popfile file disclosure

John Graham-Cumming reports that certain configurations of POPFile may allow the retrieval of any files with the extensions .gif, .png, .ico, .css, as well as some files with the extension .html...

AI score: 1.8
Exploits: 0, References: 1
securityvulns
added 2002/04/16 12:0 a.m., 32 views

Possible vulnerabilities of ICQ files opened in IE or OE

Hello everybody, Sorry for my lingo, but I had to learn it in a huge pain. However, if you don't like or cannot understand it, try to learn Polish instead gotcha =o Maybe it's an old topic, but maybe not. While playing with ICQ I have found that the program registers for its own use files with .u...

AI score: 7.2
Exploits: 0
Exploit DB
added 2001/11/26 12:0 a.m., 21 views

Microsoft Internet Explorer 5.5/6.0 - Spoofable File Extensions

source: https://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on a website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmless file type file in the Download...

AI score: 7
Exploits: 0
exploitpack
added 2001/11/26 12:0 a.m., 12 views

Microsoft Internet Explorer 5.5/6.0 - Spoofable File Extensions

Microsoft Internet Explorer 5.5/6.0 - Spoofable File Extensions source: https://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on a website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a...

AI score: 7.4
Exploits: 0
Packet Storm
added 2001/04/17 12:0 a.m., 22 views

clsidext.txt

Georgi Guninski security advisory 42, 2001 Double clicking on innocent looking files may be dangerous Systems affected: Windows Explorer, Internet Explorer - Windows 98, 2000 - when browsing directories or shares Risk: High Date: 16 April 2001 Legal Notice: This Advisory is...

AI score: 7.4
Exploits: 0
Packet Storm
added 2000/07/13 12:0 a.m., 29 views

bb-14h2.txt

versions affected: bb14h2 current and older exploit: bbd listens for incoming connections on port 1984. Using telnet or the bb client, it is possible to connect and create a filename with an arbitrary extension, as the extension is not rigorously checked. As this file is dropped into a directory...

AI score: 7.4
Exploits: 0
Cvelist
added 2000/06/02 4:0 a.m., 34 views

CVE-1999-0874

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions...

AI score: 6.9, EPSS: 0.78099
Exploits: 5, References: 5