CVE-2008-4360

moduserdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...

Pritlog 0.4 - Filename Remote File Disclosure

Pritlog 0.4 - Filename Remote File Disclosure -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Printlog eNYe-Sec - www.enye-sec.org -- Description by the author's page -- PRITLOG is an extremely simple, small and powerful blog system. It does not use or need a MYSQL database and fully works bas...

Gentoo Security Advisory GLSA 200701-17 (libgtop)

The remote host is missing updates announced in advisory GLSA 200701-17. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200501-02 (a2ps)

The remote host is missing updates announced in advisory GLSA 200501-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CYASK 3.x (collect.php neturl) Local File Disclosure Vulnerability

No description provided by source. This vulnerability leads to that the attacker can read any file on your webserver when it installs cyask. The $neturl variable in collect.php is short of enough check. When the attacker registers a new user, he can pass the user check and then submit any filenam...

Google Chrome畸形附件文件名拒绝服务漏洞

BUGTRAQ ID: 31031 CNCAN ID：CNCAN-2008090603 Google Chrome是一款谷歌公司新开发的WEB浏览器。 Google Chrome处理特殊构建附件文件名时存在问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 Google Chrome 0.2.149 27 目前没有解决方案提供： http://www.google.com/chrome ?php / Google Chrome 0.2.149.27 1583 Silent Crash PoC WHK - elhacker.net / $nombre =...

CVE-2008-3916

Heap-based buffer overflow in the stripescapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege...

DEBIAN-CVE-2008-3916

Heap-based buffer overflow in the stripescapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege...

CVE-2008-3916

Heap-based buffer overflow in the stripescapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege...

CVE-2008-3904

src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment LXDE allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...

CVE-2008-3577

Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttdmain function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments...

Buffer overflow

Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttdmain function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments...

CVE-2008-3577

Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttdmain function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments...

CVE-2008-3577

Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttdmain function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments...

Outpost Security Suite Pro 2009 - Filename Parsing Security Bypass

source: https://www.securityfocus.com/bid/30347/info Outpost Security Suite Pro is prone to a vulnerability that allows an unauthorized attacker to bypass antivirus and firewall rules. This issue occurs because the application fails to adequately sanitize user-supplied input. Successful exploits...

CVE-2008-3024

Stack-based buffer overflow in phgrafx in QNX Momentics aka RTOS 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/...

CVE-2008-3024

Stack-based buffer overflow in phgrafx in QNX Momentics aka RTOS 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/...

Firefox file location escaping flaw

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting XSS attacks or have unspecified other impact via a crafted filename...

CVE-2008-2955

Pidgin 2.4.1 allows remote attackers to cause a denial of service crash via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msnslplinkprocessmsg function...

Code injection

Pidgin 2.4.1 allows remote attackers to cause a denial of service crash via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msnslplinkprocessmsg function...