8764 matches found
CVE-2011-2646
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files...
Security feature bypass
Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename...
Code injection
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename in the list of testdrive modified files...
Code injection
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM...
CVE-2011-2645
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename for a custom RPM...
CVE-2011-2711
Cross-site scripting XSS vulnerability in the printfileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint...
Cross site scripting
Cross-site scripting XSS vulnerability in the printfileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint...
Ciscokits TFTP Server 1.0 Long Filename DoS Vulnerability - Active Check
Ciscokits TFTP Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ciscokits 1.0 - TFTP Server File Name Denial of Service
Ciscokits 1.0 - TFTP Server File Name Denial of Service !/usr/bin/python Title: Ciscokits 1.0 TFTP Long Filename DoS Author: Craig Freyman @cd1zz Date: July 22, 2011 Software Link: http://www.certificationkits.com/tftpserver/tftpserver.zip Tested on: Windows XP SP3 Vendor notified: July 22, 2010 ...
Ciscokits 1.0 TFTP Denial Of Service
!/usr/bin/python Title: Ciscokits 1.0 TFTP Long Filename DoS Author: Craig Freyman @cd1zz Date: July 22, 2011 Software Link: http://www.certificationkits.com/tftpserver/tftpserver.zip Tested on: Windows XP SP3 Vendor notified: July 22, 2010 - Vendor approved release of PoC on July 23, 2010. Notes...
CVE-2011-2757
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...
Directory traversal
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...
ManageEngine ServiceDesk Plus FileDownload.jsp FILENAME Parameter Traversal Arbitrary File Access
The installed version of ManageEngine ServiceDesk Plus fails to sanitize user-supplied input to the 'FILENAME' parameter of the 'workorder/FileDownload.jsp' script of directory traversal sequences when 'module' is set to 'agent' before using it to return the contents of a file. An unauthenticated...
Gadu-Gadu crossite scripting
Crossite scripting via filename...
kernel: CAN info leak
The bcmconnect function in net/can/bcm.c aka the Broadcast Manager in the Controller Area Network CAN implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensiti...
Fedora 14 : sssd-1.5.7-1.fc14 (2011-5815)
Fri Apr 29 2011 Stephen Gallagher - 1.5.7-1 - Resolves: rhbz700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename - Wed Apr 20 2011 Stephen Gallagher - 1.5.6.1-1 - Re-add manpage translations - Wed Apr 20 2011 Stephen Gallagher - 1.5.6-1 - New...
HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability
This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service OmniInet.exe. The Backup Client Service listens on TCP por...
CVE-2010-4790
Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." dot dot backslash in a filename. NOTE: some of these details are obtained from third party information...
KDE KGet directory traversal
Directory traversal via filename...
CVE-2011-1426
The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename...