SUSE CVE-2008-2955

Pidgin 2.4.1 allows remote attackers to cause a denial of service crash via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msnslplinkprocessmsg function...

SUSE CVE-2008-3074

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" exclamation point shell metacharacter in 1 the filename of a tar archive and possibly 2 the filename of the first file in a tar archive, which is not properly...

SUSE CVE-2008-3577

Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttdmain function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments...

SUSE CVE-2008-3823

Cross-site scripting XSS vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message...

SUSE CVE-2008-3916

Heap-based buffer overflow in the stripescapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege...

SUSE CVE-2008-4640

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which 1 a final "z" character is replaced by a "t" character or 2 a final "t" character is replaced by a "z" character...

SUSE CVE-2008-5078

Multiple buffer overflows in the 1 recognizeepsfile function src/psgen.c and 2 tildesubst function src/util.c in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename...

SUSE CVE-2009-1150

Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...

SUSE CVE-2009-1336

fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service OOPS via a long filename, related to the encodelookup function...

SUSE CVE-2009-3999

Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter...

SUSE CVE-2010-2252

GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL wit...

SUSE CVE-2010-3436

fopenwrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass openbasedir restrictions via vectors related to the length of a filename...

SUSE CVE-2011-1155

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service rotation outage via a 1 \n newline or 2 \ backslash character in a log filename, as demonstrated by a filename that is automatically constructed on the basis ...

SUSE CVE-2011-1154

The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...

SUSE CVE-2011-2645

Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM...

SUSE CVE-2011-2651

Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename...

SUSE CVE-2011-2711

Cross-site scripting XSS vulnerability in the printfileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint...

SUSE CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

SUSE CVE-2012-2687

Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...

SUSE CVE-2012-3410

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix...