CVE-2005-0967

Gaim 1.2.0 is affected by CVE-2005-0967. The issue occurs when handling a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read and causes the application to crash (denial of service). The vulnerability focuses on Jabber message/file transfer parsing; no exploit d...

Gaim: Denial of Service issues

Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Multiple vulnerabilities have been addressed in the latest release of Gaim: A buffer overread in the gaimmarkupstriphtml function, which is used when logging conversatio...

gaim -- jabber remote crash

The GAIM team reports: A remote jabber user can cause Gaim to crash by sending a specific file transfer request...

CVE-2005-0573

Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service client crash via a file transfer in which the filename contains "" or "" parenthesis characters...

CVE-2005-0573

CVE-2005-0573 (Gaim 1.1.3 on Windows) is a remote-denial-of-service issue where a file transfer containing a filename with parentheses ("(" or ")") crashes the client. The vulnerability is documented in CVE/NVD with a base score of 5.0 (Medium) and a network attack vector with low complexity; no ...

DEBIAN-CVE-2005-0467

Multiple integer overflows in the 1 sftppktgetstring and 2 fxpreaddirrecv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been...

[VulnWatch] Secunia Research: Yahoo! Messenger File Transfer Filename Spoofing

====================================================================== Secunia Research 18/02/2005 - Yahoo! Messenger File Transfer Filename Spoofing - ====================================================================== Table of Contents Affected...

[ GLSA 200502-27 ] gFTP: Directory traversal vulnerability

Gentoo Linux Security Advisory GLSA 200502-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

security flaw

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command...

CVE-2004-1233

Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service disk consumption via a user packet to the DCC file transfer capability with an invalid file length...

libxml2 various overflows

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 libxml2, and possibly other versions, may allow remote attackers to execute arbitrary code via 1 a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, 2 a long proxy URL containing FTP data that is not properly handled...

CVE-2004-1233

Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service disk consumption via a user packet to the DCC file transfer capability with an invalid file length...

rssh and scponly arbitrary command execution

Vulnerable applications: rssh All versions All operating systems scponly All versions All operating systems Not vulnerable: Discussion: rssh and scponly are restricted shells that are designed to allow execution only of certain preset programs. Both are used to grant a user the ability to transfe...

libxml2 various overflows

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 libxml2, and possibly other versions, may allow remote attackers to execute arbitrary code via 1 a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, 2 a long proxy URL containing FTP data that is not properly handled...

Debian DSA-499-2 : rsync - directory traversal

A vulnerability was discovered in rsync, a file transfer program, whereby a remote user could cause an rsync daemon to write files outside of the intended directory tree. This vulnerability is not exploitable when the daemon is configured with the 'chroot' option. %NASLMINLEVEL 70300 C Tenable...

PT-2004-2549 · Ipswitch · Ws Ftp

Name of the Vulnerable Software and Affected Versions: WS FTP version 5.0.2 Description: The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by sending a CD command with an invalid path containing a "../" sequence. Recommendations: For WS FTP...

AOL Instant Messenger Active File Transfer Hijacking

Binary data 1250.prm...

AOL Instant Messenger File Transfer Path Disclosure

Binary data 1255.prm...

FTP Client File Download Detection

Binary data 5056.prm...

rsync: Potential information leakage

Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description The paths sent by t...