Lucene search
K

130 matches found

OSV
OSV
added 2009/03/03 4:30 p.m.8 views

CVE-2009-0753

Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" double slash in the filename...

6.4AI score
Exploits0References12
CVE
CVE
added 2008/04/02 5:0 p.m.48 views

CVE-2008-1620

CVE-2008-1620 affects the 2X TFTP service (TFTPd.exe) up to version 3.2.0.0 and 2X ThinClientServer up to 5.0_sp1-r3497. This is a directory traversal vulnerability that lets remote attackers read or overwrite arbitrary files by using a file name with a dot-dot (“..”) path. The NVD entry indicate...

7.5CVSS6.7AI score0.03028EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2007/09/18 10:17 p.m.18 views

Directory traversal

Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a 1 .IMG or 2 .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a caref...

9.3CVSS7.2AI score0.01989EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/09/18 10:0 p.m.21 views

CVE-2007-4963

Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a 1 .IMG or 2 .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a caref...

6.7AI score0.01989EPSS
Exploits0References4
NVD
NVD
added 2006/04/26 8:6 p.m.11 views

CVE-2006-2060

Directory traversal vulnerability in actionadmin/paysubscriptions.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. dot dot in the name parameter, preceded by enough backspace %08...

6.4CVSS6.8AI score0.02182EPSS
Exploits0References9
NVD
NVD
added 2006/02/18 2:2 a.m.15 views

CVE-2006-0766

ICQ Inc. formerly Mirabilis ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly...

5.1CVSS6.9AI score0.01159EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2006/01/25 11:0 a.m.46 views

CVE-2006-0225

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...

4.6CVSS7.1AI score0.00474EPSS
Exploits1
NVD
NVD
added 2005/02/17 5:0 a.m.26 views

CVE-2005-0243

Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file...

5CVSS6.6AI score0.01041EPSS
Exploits0References2
securityvulns
securityvulns
added 2004/01/20 12:0 a.m.38 views

GoAhead script source leak

It's possible to obtain content of .asp or cgi-bin file by adding special characters to filename...

2.3AI score
Exploits0References2Affected Software1
NVD
NVD
added 2001/06/12 4:0 a.m.9 views

CVE-2001-1344

WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by 1 inserting a null character or 2 .. dot dot...

7.5CVSS6.9AI score0.02915EPSS
Exploits1References3
Rows per page
Query Builder