130 matches found
CVE-2009-0753
Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename...
CVE-2008-1620
CVE-2008-1620 affects the 2X TFTP service (TFTPd.exe) up to version 3.2.0.0 and 2X ThinClientServer up to 5.0_sp1-r3497. This is a directory traversal vulnerability that lets remote attackers read or overwrite arbitrary files by using a file name with a dot-dot (“..”) path. The NVD entry indicate...
CVE-2007-4963
Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a caref...
CVE-2006-2060
Directory traversal vulnerability in actionadmin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace %08...
CVE-2006-0766
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly...
CVE-2006-0225
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...
CVE-2005-0243
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file...
GoAhead script source leak
It's possible to obtain the content of an .asp or cgi-bin file by adding special characters to the filename...
CVE-2001-1344
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot)...