
8763 matches found

OSV
added 2008/04/09 7:5 p.m. | 1 view

DEBIAN-CVE-2008-1687

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

7.5 CVSS | 6.9 AI score | 0.0245 EPSS
Exploits: 1 | References: 1
UbuntuCve
added 2008/04/09 7:5 p.m. | 25 views

CVE-2008-1687

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

7.5 CVSS | 5.9 AI score | 0.0245 EPSS
Exploits: 1 | References: 1
OSV
added 2008/04/09 7:5 p.m. | 4 views

CVE-2008-1688

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...

7.3 AI score
Exploits: 0 | References: 10
NVD
added 2008/04/09 7:5 p.m. | 14 views

CVE-2008-1687

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

7.5 CVSS | 6.3 AI score | 0.0245 EPSS
Exploits: 1 | References: 10
NVD
added 2008/04/09 7:5 p.m. | 17 views

CVE-2008-1688

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries...

7.5 CVSS | 7.1 AI score | 0.02957 EPSS
Exploits: 1 | References: 9
Cvelist
added 2008/04/09 7:0 p.m. | 17 views

CVE-2008-1687

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

6.2 AI score | 0.0245 EPSS
Exploits: 1 | References: 10
Debian CVE
added 2008/04/09 7:0 p.m. | 18 views

CVE-2008-1687

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename...

7.5 CVSS | 6.3 AI score | 0.0245 EPSS
Exploits: 1
Saint
added 2008/04/09 12:0 a.m. | 27 views

Windows GDI EMF filename buffer overflow

Added: 04/09/2008. CVE: CVE-2008-1087. BID: 28570. OSVDB: 44215. Background: The Windows Graphics Device Interface (GDI) interacts with graphics device drivers on behalf of applications. Problem: A buffer overflow in Windows GDI allows command execution when a user opens a specially crafted EMF file...

9.3 CVSS | 6.8 AI score | 0.56603 EPSS
Exploits: 5
CVE
added 2008/04/02 5:0 p.m. | 47 views

CVE-2008-1620

CVE-2008-1620 affects the 2X TFTP service (TFTPd.exe) up to version 3.2.0.0 and 2X ThinClientServer up to 5.0_sp1-r3497. This is a directory traversal vulnerability that lets remote attackers read or overwrite arbitrary files by using a file name with a dot-dot (“..”) path. The NVD entry indicate...

7.5 CVSS | 6.7 AI score | 0.03028 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
Prion
added 2008/04/01 4:44 p.m. | 14 views

Stack overflow

Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request...

10 CVSS | 8.8 AI score | 0.67642 EPSS
Exploits: 5 | References: 5 | Affected Software: 1
NVD
added 2008/04/01 4:44 p.m. | 13 views

CVE-2008-1611

Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request...

10 CVSS | 8.2 AI score | 0.67642 EPSS
Exploits: 5 | References: 5
UbuntuCve
added 2008/03/31 10:44 p.m. | 14 views

CVE-2008-1568

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs...

7.5 CVSS | 6.1 AI score | 0.02304 EPSS
Exploits: 0 | References: 1
Prion
added 2008/03/31 10:44 p.m. | 6 views

Command injection

comix 3.6.4 allows attackers to execute arbitrary commands via a filename containing shell metacharacters that are not properly sanitized when executing the rar, unrar, or jpegtran programs...

7.5 CVSS | 7.8 AI score | 0.02304 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
Debian CVE
added 2008/03/31 10:0 p.m. | 15 views

CVE-2008-1568

Removed by vendor...

7.5 CVSS | 6.7 AI score | 0.02304 EPSS
Exploits: 0
Cvelist
added 2008/03/24 11:0 p.m. | 13 views

CVE-2008-1488

Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) 3.0.11 through 3.0.16 allows remote attackers to execute arbitrary code via a long filename...

7.8 AI score | 0.07811 EPSS
Exploits: 1 | References: 11
Prion
added 2008/03/24 6:44 p.m. | 16 views

Buffer overflow

Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker...

7.6 CVSS | 8.1 AI score | 0.11292 EPSS
Exploits: 2 | References: 5 | Affected Software: 1
NVD
added 2008/03/24 6:44 p.m. | 20 views

CVE-2008-1461

Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker...

7.6 CVSS | 7.7 AI score | 0.11292 EPSS
Exploits: 2 | References: 5
CVE
added 2008/03/24 6:0 p.m. | 49 views

CVE-2008-1461

CVE-2008-1461 affects XnView 1.92.1. It is a buffer-overflow vulnerability in the command-line filename argument, allowing a user-assisted remote attacker to potentially execute arbitrary code in the context of the running user. Exploit details in public writeups describe an attack condition wher...

7.6 CVSS | 7.8 AI score | 0.11292 EPSS
Exploits: 2 | References: 5 | Affected Software: 1
securityvulns
added 2008/03/23 12:0 a.m. | 24 views

Apple Safari for Windows buffer overflow and content spoofing

Buffer overflow on oversized download filename...

4.2 AI score
Exploits: 0 | References: 2
Prion
added 2008/03/20 10:44 a.m. | 10 views

Stack overflow

Stack-based buffer overflow in the TFTP server in BootManage TFTPD 1.99 and earlier in BootManage Administrator 7.1 and earlier allows remote attackers to execute arbitrary code via a request with a long filename...

6.8 CVSS | 8.7 AI score | 0.03589 EPSS
Exploits: 0 | References: 5