Lucene search

8761 matches found

CVE
added 2005/02/27 5:0 a.m., 75 views

CVE-2005-0578

CVE-2005-0578 affects Firefox up to 1.0.0 and Mozilla Suite up to 1.7.5, where a predictable plugin temporary directory filename enables local users to delete arbitrary files via a symlink attack on plugtmp. Root cause: insecure naming of the plugtmp directory. Impact: local privilege/unauthorize...

CVSS 2.1, AI score 6.2, EPSS 0.00292
Exploits: 0, References: 7, Affected Software: 2
securityvulns
added 2005/02/20 12:0 a.m., 26 views

Yahoo messenger multiple security vulnerabilities

Filename spoofing, local privilege escalation with Audio Setup Wizard...

AI score 2.1
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2005/02/20 12:0 a.m., 37 views

[VulnWatch] Secunia Research: Yahoo! Messenger File Transfer Filename Spoofing

Secunia Research 18/02/2005 - Yahoo! Messenger File Transfer Filename Spoofing - Table of Contents Affected...

CVSS 5, AI score 6.3, EPSS 0.01041
Exploits: 0
Cvelist
added 2005/02/18 5:0 a.m., 21 views

CVE-2005-0243

Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file...

AI score 6.6, EPSS 0.01041
Exploits: 0, References: 2
NVD
added 2005/02/17 5:0 a.m., 24 views

CVE-2005-0243

Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file...

CVSS 5, AI score 6.6, EPSS 0.01041
Exploits: 0, References: 2
Cvelist
added 2005/02/13 5:0 a.m., 18 views

CVE-2004-1442

Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."...

AI score 5.5, EPSS 0.04252
Exploits: 1, References: 9
CVE
added 2005/02/12 5:0 a.m., 43 views

CVE-2004-1411

Gadu-Gadu client (build 155 and earlier) is affected. A remote attacker can cause a denial of service (infinite loop) by sending a message containing an image whose filename does not start with restricted characters. Root cause: insufficient validation of image filename in message handling leads ...

CVSS 2.6, AI score 7, EPSS 0.01333
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2005/02/12 5:0 a.m., 19 views

CVE-2004-1411

Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters...

AI score 6.6, EPSS 0.01333
Exploits: 0, References: 3
FreeBSD
added 2005/02/02 12:0 a.m., 26 views

enscript -- multiple vulnerabilities

Erik Sjölund discovered several issues in enscript: it suffers from several buffer overflows, quotes and shell escape characters are insufficiently sanitized in filenames, and it supported taking input from an arbitrary command pipe, with unwanted side effects...

CVSS 7.5, AI score 3.5, EPSS 0.04476
Exploits: 0, References: 1
RedHat Linux
added 2005/02/01 2:43 p.m., 0 views

security flaw

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...

CVSS 7.5, AI score 6.2, EPSS 0.04476
Exploits: 0, References: 4
OSV
added 2005/01/27 5:0 a.m., 5 views

CVE-2004-0916

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename...

AI score 6.5
Exploits: 0, References: 7
CVE
added 2005/01/22 5:0 a.m., 63 views

CVE-2004-1175

CVE-2004-1175 affects Midnight Commander (mc); the fish protocol handler allows remote code execution via insecure filename quoting, potentially with shell metacharacters. Public advisories (e.g., Debian DSA-639-1, Red Hat RHSA-2005:512, CentOS advisory) describe the issue and list the affected M...

CVSS 7.5, AI score 7.2, EPSS 0.01625
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2005/01/22 5:0 a.m., 25 views

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters...

AI score 7.2, EPSS 0.01625
Exploits: 0, References: 5
Debian CVE
added 2005/01/22 5:0 a.m., 25 views

CVE-2004-1175

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters...

CVSS 7.5, AI score 7.2, EPSS 0.01625
Exploits: 0
UbuntuCve
added 2005/01/21 5:0 a.m., 27 views

CVE-2004-1185

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...

CVSS 7.5, AI score 6.2, EPSS 0.04476
Exploits: 0, References: 2
NVD
added 2005/01/21 5:0 a.m., 19 views

CVE-2004-1185

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...

CVSS 7.5, AI score 7.8, EPSS 0.04476
Exploits: 0, References: 16
OSV
added 2005/01/21 5:0 a.m., 1 view

DEBIAN-CVE-2004-1185

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...

CVSS 7.5, AI score 7.5, EPSS 0.04476
Exploits: 0, References: 1
OSV
added 2005/01/21 5:0 a.m., 7 views

CVE-2004-1185

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...

AI score 7.2
Exploits: 0, References: 17
Gentoo Linux
added 2005/01/14 12:0 a.m., 22 views

tnftp: Arbitrary file overwriting

Background: tnftp is a NetBSD FTP client with several advanced features. Description: The 'mget' function in cmds.c lacks validation of the filenames that are supplied by the server. Impact: An attacker running an FTP server could supply clients with malicious filenames, potentially allowing the...

CVSS 5, AI score 2.9, EPSS 0.00999
Exploits: 1
Tenable Nessus
added 2005/01/14 12:0 a.m., 32 views

Debian DSA-639-1 : mc - several vulnerabilities

Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. The Common Vulnerabilities and...

CVSS 7.5, AI score 5.7, EPSS 0.03103
Exploits: 0, References: 11