CVE-2005-1120

Multiple cross-site scripting XSS vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail 1 body, 2 filename, or 3 MIME type...

CVE-2005-0578

Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory...

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters...

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters...

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters...

DEBIAN-CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters...

CVE-2005-1105

Removed by vendor...

JavaMail directory traversal

Content-Disposition header filename is not checked...

CVE-2005-0484

Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log...

security flaw

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by...

security flaw

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by...

CVE-2005-0826

OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service application crash via a dynamic link library DLL with a long filename...

CVE-2001-1420

AOL Instant Messenger AIM 4.7 allows remote attackers to cause a denial of service application crash via a long filename, possibly caused by a buffer overflow...

[Full-disclosure] 3 XSS Vulnerabilities in Phorum <= 5.0.14

Author: Jon Oberheide [email protected] Date: Sat, March 12th, 2005 Summary ======= Application: Phorum Vendor Website: http://www.phorum.org Affected Versions: = 5.0.14 Type of Vulnerability: Cross Site Scripting XSS About Phorum ============ Phorum is a web based message board written in PHP...

CVE-2005-0397

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by...

GLSA-200503-11 : ImageMagick: Filename handling vulnerability

The remote host is affected by the vulnerability described in GLSA-200503-11 ImageMagick: Filename handling vulnerability Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities. Impact : Successful exploitation may...

ImageMagick: Filename handling vulnerability

Background ImageMagick is a collection of tools and libraries for manipulating a wide variety of image formats. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a flaw in the handling of filenames by the ImageMagick utilities. Impact Successful exploitation may...

GLSA-200503-09 : xv: Filename handling vulnerability

The remote host is affected by the vulnerability described in GLSA-200503-09 xv: Filename handling vulnerability Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact : Successful exploitation would require a victim to process a...

xv: Filename handling vulnerability

Background xv is an interactive image manipulation package for X11. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact Successful exploitation would require a victim to process a specially crafted image with a...

xv -- filename handling format string vulnerability

A Gentoo Linux Security Advisory reports: Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the...