security flaw

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script...

CVE-2005-1874

Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. dot dot in a .dz archive...

CVE-2005-1809

Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service panic via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push...

Gedit 2.x - Filename Format String

Gedit 2.x - Filename Format String source: https://www.securityfocus.com/bid/13699/info gEdit is prone to a format-string vulnerability. Exploitation may occur when the program is invoked with a filename that includes malicious format specifiers. Attackers could exploit this issue to corrupt...

ClamAV antivirus MacOS X shell characters problem

Shell characters are not filtered in filename than external 'ditto' command in executed with system...

CVE-2004-2111

Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename...

CVE-2005-1795

The filecopy function in misc.c in Clam AntiVirus ClamAV before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is...

DEBIAN-CVE-2005-1686

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service application crash via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email...

gedit -- format string vulnerability

Yan Feng reports a format string vulnerability in gedit. This vulnerability could cause a denial of service with a binary file that contains format string characters within the filename. It had been reported that web browsers and email clients can be configured to provide a filename as an argumen...

CVE-2005-1636

mysqlinstalldb in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysqlinstalldb.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents...

CVE-2005-1636

mysqlinstalldb in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysqlinstalldb.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents...

CVE-2005-1575

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160...

CVE-2004-2034

Buffer overflow in the 1 WTHoster and 2 WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename...

gzip: Multiple vulnerabilities

Background gzip GNU zip is a popular compression program. The included zgrep utility allows you to grep gzipped files in place. Description The gzip and gunzip programs are vulnerable to a race condition when setting file permissions CAN-2005-0988, as well as improper handling of filename...

CVE-2005-0918

The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops...

CVE-2005-1435

Open WebMail OWM before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename...

CVE-2005-0578

Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory...

CVE-2005-1120

Multiple cross-site scripting XSS vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail 1 body, 2 filename, or 3 MIME type...

CVE-2005-0578

Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory...

CVE-2005-0826

OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service application crash via a dynamic link library DLL with a long filename...