8761 matches found
gaim -- AIM/ICQ non-UTF-8 filename crash
The GAIM team reports: A remote user could cause Gaim to crash on some systems by sending the Gaim user a file whose filename contains certain invalid characters. It is unknown what combination of systems are affected, but it is suspected that Windows users and systems with older versions of GTK+...
MDaemon 8.0 - Content Filter Directory Traversal
source: https://www.securityfocus.com/bid/14400/info MDaemon server is prone to a directory traversal vulnerability due to improper sanitization of user input. Failure to sanitize the filename and path may result in compromise of the file system outside of the application's quarantine directory...
CVE-2004-2284
The readlistfromfile function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument...
CVE-2005-2195
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service application crash via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502...
CVE-2004-2255
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...
CVE-2001-1562
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename...
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript EPS file...
CVE-2001-1562
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename...
FreeBSD : portupgrade -- insecure temporary file handling vulnerability (22f00553-a09d-11d9-a788-0001020eed82)
Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...
CVE-2004-2187
Technical details are not publicly available in the provided documents for CVE-2004-2187; the description remains generic (MediaWiki 1.3.5 and filename validation) with unknown impact vectors. Monitor for updates as more information becomes available.
CVE-2004-2187
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...
CVE-2004-2187
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/dbbackups directory in PHP-Fusion 6.0 ...
CVE-2002-1812
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter...
CVE-2002-1692
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up...
CVE-2005-1994
Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e"...
gmc, mc, mcserv security update
CentOS Errata and Security Advisory CESA-2005:512-01 Updated mc packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Midnight Commander is a visual shell...
Moderate: Red Hat Security Advisory: mc security update
Updated mc packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Midnight Commander is a visual shell much like a file manager. Several denial of service bu...
security flaw
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service application crash via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email...
security flaw
Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename...