237 matches found
DSA-811-2 common-lisp-controller - design error
Bulletin has no description...
CVE-2005-3288
Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message...
CVE-2005-3287
Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache director...
PT-2005-4099 · Ftgate · Mailsite Express
Name of the Vulnerable Software and Affected Versions: Mailsite Express affected versions not specified Description: The issue allows remote attackers to upload and execute files with executable extensions, such as ASP, by utilizing the compose page feature. Attackers can attach the file and then...
CVE-2005-2657
Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before...
CVE-2005-2657
Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before...
CVE-2005-2657
Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before...
CVE-2005-2657
Removed by vendor...
RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)
NGSSoftware Insight Security Research Advisory Name: RealPlayer Arbitrary File Deletion Vulnerability Systems Affected: RealPlayer 10.5 6.0.12.1040 and older Severity: High Vendor URL: http://www.real.com/ Author: John Heasman [email protected] Date of Public Advisory: 19th January 2004 Adviso...
CVE-2003-1028
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid1000...
CVE-2003-1028
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid1000...
CVE-2003-1028
CVE-2003-1028 : The vulnerability lies in the download function of Internet Explorer 6 SP1, where an HTTP response with an invalid Content-Type and a .htm file can disclose the cache directory name. This information disclosure could allow remote attackers to bypass security measures that rely on ...
Note for "Invalid ContentType may disclose cache directory"
Note for "Invalid ContentType may disclose cache directory" This vulnerability"Invalid ContentType may disclose cache directory" doesn't work on all systems. "Invalid ContentType may disclose cache directory", at http://www.safecenter.net/UMBRELLAWEBV4/threadid10008/ Please note that execdror6 an...
Invalid ContentType may disclose cache directory
Invalid ContentType may disclose cache directory tested OS:WinXp, CN version Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16 overview The problem lies in the download function of Internet Explorer. This can be exploited by malicious web pages to get cache directory including random...
ibm informix Web Datablade 3.x/4.1 - Directory Traversal
source: https://www.securityfocus.com/bid/3575/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL is used to provide wbBinaries for storing large binary resources such as images, sounds, etc. The Web Datablade Module for Informix S...
CVE-2001-0610
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp...
CVE-2001-0610
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp...