WebRoot SpySweeper protection bypass

Content is blocked only by filename. Multiple archive formats are not supported...

makeindex buffer overflows

Buffer overflow on oversized filename...

Format string

Format string vulnerability in the SCP module in Ipswitch WSFTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WSFTP script command...

CVE-2007-0665

Format string vulnerability in the SCP module in Ipswitch WSFTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WSFTP script command...

Heap overflow

Buffer overflow in the opensty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the...

Format string

Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function...

Format string

Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions...

CVE-2007-0645

Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions...

CVE-2007-0465

Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a 1 PKG, 2 DISTZ, or 3 MPKG package filename...

Apple Mac OS X Software Update / Apple Installer format string security vulnerability

Format string vulnerability on parsing filename of application/x-apple.sucatalog+xml files .sucatalog и .swutmp. Format string vulnerability in .pkg file name...

clipboard bug.txt

The clipboard in QNX is world readable and writable. Although the folder containing the file is not readable for normal users the filename convention is predictable, see "clipboard bug.jpg" bash-2.05a$ ls -l /var/clipboard/muh/00000000/TTSHEOAA552983 -rw-rw-rw- 1 root root 78 Jan 04 16:27...

Improper access control

The projectissueaccess function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests...

CVE-2007-0486

Multiple PHP remote file inclusion vulnerabilities in Openads aka phpAdsNew 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the 1 phpAdsgeoPlugin parameter to libraries/lib-remotehost.inc, the 2 filename parameter to admin/report-index, or the 3 phpAdsconfigmyfooter...

Microsoft Visual Studio buffer overflow

Buffer overflows on oversized filename in different paramters...

CVE-2006-6950

Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. dot dot in a filename argument...

libgtop: Privilege escalation

Background libgtop facilitates the libgtopdaemon, which is used by GNOME to obtain information about remote systems. Description Liu Qishuai discovered that glibtopgetprocmaps in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause...

CVE-2006-5964

choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service system crash by right clicking on a file with a long filename...

CVE-2006-5964

choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service system crash by right clicking on a file with a long filename...

CVE-2007-0235

Stack-based buffer overflow in the glibtopgetprocmaps function in libgtop before 2.14.6 libgtop2 allows local users to cause a denial of service crash and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in...

Stack overflow

Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow...