8764 matches found
Design/Logic Flaw
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrate...
CVE-2009-4445
Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrate...
CVE-2009-4445
Microsoft IIS, when used with unspecified third‑party upload applications, is vulnerable to remote file creation via a filename containing an initial extension, a colon, and a safe extension. For example, uploading a file named ".asp:.jpg" can result in an empty ".asp" file being created, related...
Microsoft IIS Filename Extension Parsing Security Bypass (CVE-2009-4444)
A security bypass vulnerability has been discovered in Microsoft Internet Information Services (IIS). The vulnerability is due to an error in the IIS service that incorrectly parses filenames that contain a semicolon character when determining the MIME type based on the filename extension. An...
Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)
Picpuz 2.1.1 - Buffer Overflow Denial of Service PoC Exploit Title: Picpuz Buffer Overflow DoS/PoC , http://kornelix.squarespace.com/storage/downloads/picpuz-2.1.1.tar.gz Version: = 2.1.1 Tested on: Fedora 12 CVE: None Code: Description: "from website" Picpuz is a free Linux "jigsaw puzzle"...
Microsoft Internet Explorer image download spoofing
Microsoft Internet Explorer is a popular Web browser that supports image rendering within an HTML page. Internet Explorer also supports the saving of image resources to the local filesystem for offline viewing. A displayed image can be saved to local filesystem by selecting "Save Picture As" in t...
Printoxx Local Buffer Overflow
Exploit for unknown platform in category local exploits ============================== Printoxx Local Buffer Overflow ============================== Title: Printoxx Local Buffer Overflow CVE-ID: OSVDB-ID: Author: sandman Published: 2009-12-23 Verified: no Exploit Title: Printox...
Yahoo! Messenger File Transfer Filename Spoofing (CVE-2005-0243)
Yahoo Messenger is a service providing instant messages, similar to MSN Messenger and ICQ. Yahoo! Messenger allows users to see when their friends come online, send instant messages, join chat rooms, and exchange files. There exists a vulnerability in the way Yahoo! Messenger displays file names ...
Allied Telesyn TFTP Server 1.9 Long Filename Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Allied Teles...
XMPlay 3.3.0.4 (ASX Filename) Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'XMPlay 3.3.0...
PHP MultiPart Form-Data Denial of Service PoC
No description provided by source. !/usr/bin/python PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 Bogdan Calin [email protected] import httplib, urllib, sys, string, threading from string import replace from urlparse import urlparse def usage: print "" print " PHP...
PHP MultiPart Form-Data Denial of Service PoC
Exploit for unknown platform in category web applications ============================================= PHP MultiPart Form-Data Denial of Service PoC ============================================= !/usr/bin/python PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 Bogdan Calin...
DEBIAN-CVE-2009-3890
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...
CVE-2009-3890
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...
EUVD-2009-3861
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...
Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution (CVE-2004-0630)
Portable Document Format (PDF) is a file format for documents based on the PostScript description language. One of the products that is widely used to read PDF files is Adobe Acrobat Reader. This product is available on different platforms, including many versions of UNIX and Linux. There is a...
CVE-2009-3631
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename...
Code injection
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displayin...
SeaMonkey < 2.0 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.0. Such versions are potentially affected by the following security issues: - Provided the browser is configured to use Proxy Auto-configuration it may be possible for an attacker to crash the browser or execute arbitrary code. (MFSA 2009-55) -...
CVE-2009-3376
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displayin...