19 matches found
CVE-2026-7748
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...
OESA-2026-1717 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
CVE-2019-25607
CVE-2019-25607 affects Axessh 4.2. The vulnerability is a stack-based buffer overflow in the log file name field, allowing a local attacker to overflow a buffer at offset 214 bytes and overwrite the instruction pointer to execute shellcode with system privileges. Public metrics indicate a high se...
ALPINE-CVE-2024-46953
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string for the output filename results in path truncation, and possible path traversal and code execution...
AZL-61795 CVE-2023-45853 affecting package optipng 0.7.8-5
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-44985 CVE-2023-45853 affecting package libkml 1.3.0-41
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CVE-2020-23574
When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfilename1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash...
RarCrack 0.2 - Filename init() .bss (PoC)
RarCrack 0.2 - Filename init .bss PoC The software can be downloaded here: http://rarcrack.sourceforge.net/ Author: stoke Date: 2010-09-20 Download: http://rarcrack.sourceforge.net/ Tested on: Backtrack 4 Site: http://devilcode.it | http://hack2web.altervista.org Special greetz to: nex, for...
IP Messenger for Win Filename Buffer Overflow Vulnerability
Overview: IP Messenger for Win suffers a buffer overflow when the user saves an attached file with a long name sent with the message. Impact: An attacker could execute arbitrary code with the privileges of the user running IP Messenger. Solution: Please refer to the 'Vendor Information' section for...
XNview 1.92.1 Long Filename Overflow
-------- XNview -------- Informations : Version : 1.92.1 Website : http://www.xnview.com/ Problem : Long Filename Overflow Description: XnView is an efficient multimedia viewer, browser, and converter. It supports more than 400 graphic file formats PNG, JPEG, TARGA, TIFF, GIF, BMP, and more...
Allied Telesyn TFTP Server 1.9 Long Filename Overflow
This module exploits a stack buffer overflow in AT-TFTP v1.9, by sending a request (get/write) for an overly long file name. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Allied Telesyn TFTP...
PHP 5.2.3 glob() Denial of Service Exploit
No description provided by source. <?php //PHP 5.2.3 glob Remote DoS Exploit //author: shinnai //mail: shinnaiatautisticidotorg //site: http://shinnai.altervista.org //Tested on xp sp2, worked both from the cli (EIP overwrite) and on apache (Denial of Service)...
Low: Red Hat Bug Fix Advisory: unzip bug fix update
Updated unzip packages that address various bugs are now available. The unzip utility is used to list, test, or extract files from a zip archive. This update addresses the following issues: a TOCTOU bug that could be exploited to change file permissions (CVE-2005-2475); a long filename buffer overfl...
Qualcomm Eudora Attachment Filename Handling Overflow (deprecated)
Yahoo! Messenger Download Feature Long Filename Overflow
Microsoft Windows - 'RPC DCOM' Long Filename Overflow (MS03-026)
include include include include include include pragma commentlib,"ws232" unsigned char bindstr= 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00, 0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,...
MS Windows (RPC DCOM) Long Filename Overflow Exploit (MS03-026)
Exploit for unknown platform in category remote exploits =============================================================== MS Windows RPC DCOM Long Filename Overflow Exploit MS03-026 =============================================================== include include include include include include prag...
Microsoft Windows - RPC DCOM Long Filename Overflow (MS03-026)
Microsoft Windows - RPC DCOM Long Filename Overflow MS03-026 include include include include include include pragma commentlib,"ws232" unsigned char bindstr= 0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,...
CVE-2001-0506
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes SSI directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability...