164 matches found
ISAA-2006-001.txt
============================================= INTERNET SECURITY AUDITORS ALERT 2006-001 - Original release date: January 09, 2006 - Last revised: January 13, 2006 - Discovered by: Jesus Olmos Gonzalez - Severity: 4/5 ============================================= I. VULNERABILITY...
[ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server
============================================= INTERNET SECURITY AUDITORS ALERT 2006-001 - Original release date: January 09, 2006 - Last revised: January 13, 2006 - Discovered by: Jesus Olmos Gonzalez - Severity: 4/5 ============================================= I. VULNERABILITY...
CVE-2005-1874
CVE-2005-1874 describes a directory-traversal vulnerability in the Dzip tool prior to version 2.9, allowing remote attackers to create arbitrary files by supplying a filename containing a “..” in a .dz archive. The issue affects Dzip’s archive extraction logic and could enable arbitrary file writ...
CVE-2004-1673
accountsettingsadd.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter...
CVE-2004-1679
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ triple dot in the 1 CWD, 2 STOR, or 3 RETR commands...
CVE-2005-0331
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... triple dot in the filename of the ZIP file...
CVE-2004-1673
accountsettingsadd.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter...
Debian DSA-065-1 : samba - remote file append/creation
Michal Zalewski discovered that Samba does not properly validate NetBIOS names from remote machines. By itself that is not a problem, except if Samba is configured to write log-files to a file that includes the NetBIOS name of the remote side by using the %m' macro in the log file' command. In th...
CVE-2002-1425
CVE-2002-1425 describes a directory traversal vulnerability in the munpack utility (part of mpack) versions 1.5 and earlier. The issue allows remote attackers to create new files in the parent directory by supplying a filename containing a ../ sequence during extraction. Debian DSAs and OpenVAS e...
CVE-2002-1425
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ dot-dot sequence in the filename to be extracted...
CVE-2002-1425
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ dot-dot sequence in the filename to be extracted...
SuSE-SA:2003:014: kdelibs/kdelibs3
The remote host is missing the patch for the advisory SuSE-SA:2003:014 kdelibs/kdelibs3. The kdelibs3 kdelibs for SLES7 based products package is a core package for the K desktop environment KDE. The URI handler of the kdelibs3 and kdelibs class library contains a flaw which allows remote attacke...
Fedora Core 1 : cvs-1.11.15-1 (2004-110)
The client for CVS before 1.11.15 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates. Updated packages were made available in April 2004 however the original update notification email did not make it ...
CVE-2004-0180
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...
CVE-2004-0180
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...
[Full-Disclosure] iDEFENSE Security Advisory 05.12.04: Opera Telnet URI Handler File Creation/Truncation Vulnerability
Opera Telnet URI Handler File Creation/Truncation Vulnerability iDEFENSE Security Advisory 05.12.04 www.idefense.com/application/poi/display?id=104&type=vulnerabilities May 12, 2004 I. BACKGROUND Opera is a cross-platform web browser. More information is available from http://www.opera.com/ II...
CVE-2002-1422
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters...
DEBIAN-CVE-2002-1425
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ dot-dot sequence in the filename to be extracted...
CVE-2002-1716
The Host function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability...
PT-2002-2438 · Microsoft · Office Xp
Name of the Vulnerable Software and Affected Versions: Microsoft Office XP Description: The issue concerns the Host function in the Microsoft spreadsheet component, which allows remote attackers to create arbitrary files using the SaveAs capability. Recommendations: For Microsoft Office XP,...