SUSE CVE-2005-1686

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service application crash via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email...

SUSE CVE-2005-2102

The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service application crash via a filename that contains invalid UTF-8 characters...

SUSE CVE-2005-3006

The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames...

SUSE CVE-2005-3007

Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." dot, which might allow remote attackers to trick users into processing dangerous content...

SUSE CVE-2005-4601

The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command...

SUSE CVE-2005-4667

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...

SUSE CVE-2006-0236

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an...

SUSE CVE-2006-2230

Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...

SUSE CVE-2006-2440

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function...

SUSE CVE-2006-2480

Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a...

SUSE CVE-2006-2656

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line...

SUSE CVE-2007-0650

Buffer overflow in the opensty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the...

SUSE CVE-2007-1614

Stack-based buffer overflow in the zzipopensharedio function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service application crash or execute arbitrary code via a long filename...

SUSE CVE-2007-1799

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384...

SUSE CVE-2007-4033

Buffer overflow in the intT1EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in phpgd2.dll in the gd PHPGD2...

SUSE CVE-2007-4727

Buffer overflow in the fcgienvadd function in modproxybackendfastcgi.c in the modfastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the...

SUSE CVE-2007-6613

Stack-based buffer overflow in the printiso9660recurse function in iso-info src/iso-info.c in GNU Compact Disc Input and Control Library libcdio 0.79 and earlier allows context-dependent attackers to cause a denial of service core dump and possibly execute arbitrary code via a disk or image that...

SUSE CVE-2008-0456

CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...

SUSE CVE-2008-1688

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...

SUSE CVE-2008-1687

The 1 maketemp and 2 mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...