8763 matches found
security flaw
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...
CVE-2007-2190
PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter...
CVE-2007-2182
The CVE concerns an unrestricted file upload vulnerability in Maran PHP Forum’s forum_write.php. The issue arises from allowing a trailing %00 in a filename in the page parameter, enabling remote attackers to upload and execute arbitrary PHP files. The documented impact is partial confidentiality...
PT-2007-3531 · Eba News · Eba News
Name of the Vulnerable Software and Affected Versions: Eba News version 1.1 Description: A remote file inclusion issue in the admin/public/webpages.php file allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. Recommendations: For Eba News version 1.1, avoid...
Buffer overflow
Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte Unicode characters...
CVE-2007-2152
Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte Unicode characters...
CVE-2007-2152
Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte Unicode characters...
McAfee VirusScan antivirus buffer overflow
Buffer overflow on oversized Unicode filename...
PT-2007-3204 · 2Bgal · 2Bgal
Name of the Vulnerable Software and Affected Versions: 2BGal version 3.1.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the lang filename parameter to (1) "index.php" or (2) "backupdb.inc.php" in admin/, or other unspecified files. Recommendations: For 2BG...
CVE-2007-1832
web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms."...
DEBIAN-CVE-2007-1799
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384...
ZZIPlib / zzcat buffer overflow
Stack buffer overflow (stack overrun) on oversized filename...
PHP FTP commands injection
Unchecked CRLF in filename allows injection of FTP commands...
CVE-2007-1614
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename...
CVE-2007-1614
Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename...
Stack overflow
Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information...
Stack overflow
Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename...
CVE-2007-1568
Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename...
CVE-2007-1568
Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename...
LSAT: Insecure temporary file creation
Background: The Linux Security Auditing Tool (LSAT) is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description: LSAT insecurely writes in /tmp with a...