Debian: Security Advisory (DSA-141)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-814-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2007-6610

unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product...

CVE-2007-6610

CVE-2007-6610 affects unp up to 1.0.12 and older than 1.0.14. The vulnerability arises because unp does not properly escape file names before passing them to shell calls, enabling a context-dependent attacker to execute arbitrary shell commands via crafted filenames (potentially when invoked by a...

Debian DSA-1440-1 : inotify-tools - buffer overflow

It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian. The old stable distribution sarge do...

Stack overflow

Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDFloadimage function that results in an overflow in the pdcfsearchfopen function, and possibly other vectors...

CVE-2007-6563

Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive...

DSA-1440-1 inotify-tools

Bulletin has no description...

Stack overflow

Stack-based buffer overflow in the zfilegunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a 1 gz, 2 adz, 3 roz, or 4 hdz archive in a compressed floppy disk image...

CVE-2007-6537

Stack-based buffer overflow in the zfilegunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a 1 gz, 2 adz, 3 roz, or 4 hdz archive in a compressed floppy disk image...

CVE-2007-6516

Buffer overflow in RavWare Software MAS Flic ActiveX Control masflc.ocx 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property...

smbfs and apache+php source code disclosure

Because of different filename handling in Posix and Windows there is an issue with resolving filenames with a backslash "" character appended on a windows share. Consider you have a windows share mounted on a linux box with a php script on it - let's say info.php. Executing find info.php and find...

Directory traversal

Directory traversal vulnerability in downloadfile.php in PolDoc CMS aka PDDMS 0.96 allows remote attackers to read arbitrary files via a .. dot dot or absolute pathname in the filename parameter...

CVE-2007-6378

Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. dot dot in the filename parameter...

cygwin-overflow.txt

============================================= INTERNET SECURITY AUDITORS ALERT 2007-005 - Original release date: May 23rd, 2007 - Last revised: November 24th, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 5/5 ============================================= I. VULNERABILITY...

Cygwin Windows POSIX emulation libraries buffer overflow

Buffer overflow on oversized filename...

[ISecAuditors Security Advisories] Cygwin buffer overflow due incorrect filename length check

============================================= INTERNET SECURITY AUDITORS ALERT 2007-005 - Original release date: May 23rd, 2007 - Last revised: November 24th, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 5/5 ============================================= I. VULNERABILITY...

GLSA-200711-17 : Ruby on Rails: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200711-17 Ruby on Rails: Multiple vulnerabilities candlerb found that ActiveResource, when processing responses using the Hash.fromxml function, does not properly sanitize filenames CVE-2007-5380. The session management...

Ubuntu 5.10 / 6.06 LTS / 6.10 : geoip vulnerability (USN-412-1)

Dean Gaudet discovered that the GeoIP update tool did not validate the filename responses from the update server. A malicious server, or man-in-the-middle system posing as a server, could write to arbitrary files with user privileges. Note that Tenable Network Security has extracted the preceding...

Directory traversal

Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. dot dot in the 1 ticketid and 2 filename parameters...