390 matches found

UbuntuCve
added 2004/06/01 4:0 a.m. · 37 views

CVE-2004-0180

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...

2.6 CVSS · 6.1 AI score · 0.01832 EPSS
Exploits 0 · References 1

NVD
added 2004/06/01 4:0 a.m. · 12 views

CVE-2004-0180

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...

2.6 CVSS · 6.5 AI score · 0.01832 EPSS
Exploits 0 · References 23

FreeBSD
added 2004/05/17 12:0 a.m. · 32 views

lha -- numerous vulnerabilities when extracting archives

Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha: Buffer overflows when handling archives and filenames. CVE-2004-0694 Possible command execution via shell meta-characters when built with NOMKDIR. CVE-2004-0745 Buffer overfl...

10 CVSS · 7.6 AI score · 0.1849 EPSS
Exploits 1 · References 4

Debian CVE
added 2004/04/16 4:0 a.m. · 27 views

CVE-2004-0180

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...

2.6 CVSS · 6.5 AI score · 0.01832 EPSS
Exploits 0

RedHat Linux
added 2004/04/14 2:0 p.m. · 4 views

Moderate: Red Hat Security Advisory: Updated CVS packages fix security issue

Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...

5 CVSS · 5.8 AI score · 0.02354 EPSS
Exploits 0

RedHat Linux
added 2004/04/14 1:59 p.m. · 25 views

Moderate: Red Hat Security Advisory: cvs security update

Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...

5 CVSS · 5.8 AI score · 0.02354 EPSS
Exploits 0 · References 2

RedHat Linux
added 2004/04/14 1:59 p.m. · 4 views

security flaw

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...

5 CVSS · 5.9 AI score · 0.02354 EPSS
Exploits 0 · References 4

CVE
added 2004/03/18 5:0 a.m. · 36 views

CVE-2004-0303

Summary: OWLS 1.0 in OWL's Workshop is vulnerable to a remote file disclosure. An attacker can cause the application to disclose arbitrary files by supplying absolute pathnames through specific parameters: the file parameter in /glossaries/index.php, the filename parameter in /readings/index.php,...

5 CVSS · 6.9 AI score · 0.03221 EPSS
Exploits 1 · References 4

NVD
added 2003/12/31 5:0 a.m. · 17 views

CVE-2003-1327

Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAILADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow wh...

9.3 CVSS · 7.7 AI score · 0.03289 EPSS
Exploits 0 · References 7

Cvelist
added 2003/11/18 5:0 a.m. · 16 views

CVE-2003-0628

PeopleSoft Gateway Administration servlet gateway.administration in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include SSI files via an HTTP request with an invalid value...

6.7 AI score · 0.01194 EPSS
Exploits 0 · References 1

OSV
added 2003/11/17 5:0 a.m. · 1 views

DEBIAN-CVE-2003-0833

Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname...

7.5 CVSS · 8.3 AI score · 0.06413 EPSS
Exploits 0 · References 1

NVD
added 2002/10/04 4:0 a.m. · 16 views

CVE-2002-1041

Unknown vulnerability in DCE 1 SMIT panels and 2 configuration commands, possibly related to relative pathnames...

5 CVSS · 6.6 AI score · 0.01109 EPSS
Exploits 0 · References 1

NVD
added 2002/10/04 4:0 a.m. · 17 views

CVE-2002-1040

Unknown vulnerability in the WebSecure DFSWeb configuration utilities in AIX 4.x, possibly related to relative pathnames...

5 CVSS · 6.6 AI score · 0.01109 EPSS
Exploits 0 · References 1

CVE
added 2002/08/31 4:0 a.m. · 42 views

CVE-2002-1041

Technical details for CVE-2002-1041 are not publicly provided in the supplied documents; no explicit affected products, versions, impact, or fixes are disclosed here. Monitor authoritative sources for updates.

5 CVSS · 7 AI score · 0.01109 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2002/08/31 4:0 a.m. · 47 views

CVE-2002-1040

The CVE-2002-1040 entry identifies an unknown vulnerability in the WebSecure (DFSWeb) configuration utilities for AIX 4.x, with the potential involvement of relative pathnames. The NVD entry confirms a NETWORK attack vector with LOW complexity and no authentication required, resulting in partial ...

5 CVSS · 7 AI score · 0.01109 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2002/08/31 4:0 a.m. · 25 views

CVE-2002-1041

Unknown vulnerability in DCE 1 SMIT panels and 2 configuration commands, possibly related to relative pathnames...

6.6 AI score · 0.01109 EPSS
Exploits 0 · References 1

NVD
added 2002/08/12 4:0 a.m. · 13 views

CVE-2002-0456

Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames...

5 CVSS · 6.7 AI score · 0.00791 EPSS
Exploits 0 · References 4

NVD
added 2001/10/18 4:0 a.m. · 15 views

CVE-2001-0759

Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount...

7.2 CVSS · 7.5 AI score · 0.0134 EPSS
Exploits 1 · References 2

Cvelist
added 2001/05/24 4:0 a.m. · 28 views

CVE-2001-0248

Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings...

10 AI score · 0.11169 EPSS
Exploits 1 · References 4

Positive Technologies
added 2001/05/24 12:0 a.m. · 3 views

PT-2001-1478 · Oracle · Solaris

Name of the Vulnerable Software and Affected Versions: Solaris 8 Description: The issue is related to a heap overflow in the FTP daemon, which allows remote attackers to execute arbitrary commands. This is achieved by creating a long pathname and calling the LIST command, which utilizes glob to...

10 CVSS · 7.7 AI score · 0.19749 EPSS
Exploits 0 · References 6