
8763 matches found

Debian CVE
added 2006/03/19 2:0 a.m. | 21 views

CVE-2006-1269

Removed by vendor...

CVSS 6.2 | AI score 6.7 | EPSS 0.00995
Exploits: 2
UbuntuCve
added 2006/03/19 1:2 a.m. | 39 views

CVE-2006-1251

Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command...

CVSS 5 | AI score 6.1 | EPSS 0.01493
Exploits: 0 | References: 1
Cvelist
added 2006/03/19 1:0 a.m. | 16 views

CVE-2006-1251

Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command...

AI score 6.9 | EPSS 0.01493
Exploits: 0 | References: 6
Tenable Nessus
added 2006/03/17 12:0 a.m. | 30 views

Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc)

The remote host is running Dwarf HTTP Server, a full-featured, Java-based web server. According to its banner, the version of Dwarf HTTP Server on the remote host reportedly fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose th...

CVSS 7.8 | AI score 5.4 | EPSS 0.02218
Exploits: 0 | References: 3
Cvelist
added 2006/03/13 7:0 p.m. | 14 views

CVE-2006-0950

unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename...

AI score 6.5 | EPSS 0.01669
Exploits: 0 | References: 10
Debian CVE
added 2006/03/13 7:0 p.m. | 20 views

CVE-2006-0950

unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename...

CVSS 2.6 | AI score 5.4 | EPSS 0.01669
Exploits: 0
Tenable Nessus
added 2006/03/01 12:0 a.m. | 28 views

NetworkActiv < 3.5.16 Crafted Filename Request Source Code Disclosure

CVSS 5 | AI score 7 | EPSS 0.01582
Exploits: 0 | References: 2
Prion
added 2006/02/18 2:2 a.m. | 15 views

Design/Logic Flaw

GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...

CVSS 5.1 | AI score 7.3 | EPSS 0.01159
Exploits: 0 | References: 2 | Affected Software: 2
NVD
added 2006/02/18 2:2 a.m. | 13 views

CVE-2006-0766

ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly...

CVSS 5.1 | AI score 6.9 | EPSS 0.01159
Exploits: 0 | References: 2
CVE
added 2006/02/18 2:0 a.m. | 49 views

CVE-2006-0765

CVE-2006-0765 describes a GUI display truncation in ICQ 2003a/2003b and ICQ Lite 4.0/4.1 on Windows, where a filename that is all uppercase and of a specific length causes the malicious file extension to be truncated in the UI, allowing user-assisted remote attackers to bypass security warnings a...

CVSS 5.1 | AI score 6.8 | EPSS 0.01159
Exploits: 0 | References: 2 | Affected Software: 2
securityvulns
added 2006/02/16 12:0 a.m. | 46 views

SSH SFTP client / server format string vulnerability

Format string bug on filename logging...

CVSS 6.5 | AI score 1.5 | EPSS 0.10188
Exploits: 0 | References: 2 | Affected Software: 6
Tenable Nessus
added 2006/02/15 12:0 a.m. | 14 views

SSH Tectia Server SFTP Filename Logging Format String

CVSS 6.5 | AI score 7 | EPSS 0.10188
Exploits: 0 | References: 2
Cvelist
added 2006/02/15 12:0 a.m. | 30 views

CVE-2005-2618

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a...

AI score 7.3 | EPSS 0.07922
Exploits: 8 | References: 26
CentOS
added 2006/02/14 5:10 p.m. | 66 views

ImageMagick security update

CentOS Errata and Security Advisory CESA-2006:178. Updated ImageMagick packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X...

CVSS 7.5 | AI score 7.4 | EPSS 0.04244
Exploits: 2 | References: 7
NVD
added 2006/02/13 11:6 a.m. | 11 views

CVE-2006-0663

Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "javascript:"; or (3) when the Domino Web Access ActiveX control is...

CVSS 4.3 | AI score 5.8 | EPSS 0.05559
Exploits: 1 | References: 12
Gentoo Linux
added 2006/02/13 12:0 a.m. | 40 views

ImageMagick: Format string vulnerability

Background: ImageMagick is an application suite to manipulate and convert images. It is often used as a utility backend by web applications like forums, content management systems or picture galleries. Description: The SetImageInfo function was found vulnerable to a format string mishandling. Danie...

CVSS 5.1 | AI score 7.2 | EPSS 0.04244
Exploits: 1
Tenable Nessus
added 2006/01/30 12:0 a.m. | 15 views

GLSA-200601-14 : LibAST: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200601-14 LibAST: Privilege escalation Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Impact : The vulnerability can be exploited to gain escalated privileges if the application...

CVSS 4.6 | AI score 5.8 | EPSS 0.00727
Exploits: 1 | References: 2
Tenable Nessus
added 2006/01/26 12:0 a.m. | 39 views

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:021)

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an...

CVSS 5.1 | AI score 5.7 | EPSS 0.02009
Exploits: 0 | References: 1
Cvelist
added 2006/01/25 9:0 p.m. | 26 views

CVE-2005-4667

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...

AI score 7.4 | EPSS 0.01481
Exploits: 1 | References: 13
Debian CVE
added 2006/01/25 9:0 p.m. | 24 views

CVE-2005-4667

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long...

CVSS 3.7 | AI score 6.6 | EPSS 0.01481
Exploits: 1