CVE-2006-1736

Technical details (affected product/version/root cause/impact) are not publicly provided in the connected documents. Monitor for updates.

CVE-2005-4526

Clearswift MIMEsweeper For Web a.k.a. WEBsweeper 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file...

CVE-2005-4526

Clearswift MIMEsweeper For Web a.k.a. WEBsweeper 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file...

CVE-2005-4526

CVE-2005-4526 affects Clearswift MIMEsweeper For Web (WEBsweeper) versions 4.0–5.1. The vulnerability allows remote attackers to bypass content filtering by using a URL that does not contain a ".exe" extension but returns an executable file. The connected PT-Security entry notes the affected vers...

CVE-2005-3400

Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...

CVE-2005-3380

CVE-2005-3380 affects Panda Titanium 2005 4.02.01. A multiple interpretation error lets a file such as BAT, HTML, or EML containing an MZ magic byte sequence (normally associated with EXE) be treated as a safe type, yet could still be executed as a dangerous file type by end-system applications. ...

Web Trojan of conventional production methods-vulnerability warning-the black bar safety net

Today in the morning just to school, you have a classmate said to me his QQ is others stolen! （This terrible? Bully to my buddy to head to La.） I then said to him:“rest assured., I'm sure to give you back!” In fact, my heart also not the end, the other when I can steal OICQ, then how much will a...

Low: Red Hat Security Advisory: gdb security update

An updated gdb package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled...

CVE-2004-2289

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file...

Yaws Webserver source code leak

00 at the end of executable file allows to see it's content...

TFTP Backdoor Detection

A TFTP server is running on this port. However, while trying to fetch a random file, we got an executable file. Many worms are known to propagate through TFTP. This is probably a backdoor. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid18263; scriptversion "$Revision:...

DoKuWiki file-upload vulnerabilities

ADZ Security Team =================== Info Program: DoKuWiki Version: 2005-02-18 Module: media.php Bug type: File Upload bug Vendor site: http://wiki.splitbrain.org/ Vendor Informed: Yes =================== Bug Info Remote user with file-upload privileges can upload anyone file with any...

Apple Mac OSX 10.3.8 - CF_CHARSET_PATH Local Buffer Overflow Local Privilege Escalation

Apple Mac OSX 10.3.8 - CFCHARSETPATH Local Buffer Overflow Local Privilege Escalation / MacOS XCFCHARSETPATH: local root exploit. by: [email protected] fakehalo/realhalo found by: iDefense anon finder saw the advisory on bugtraq and figured i'd slap this together, so simple i had to. exploits via th...

Download dialog spoofing using Content-Disposition header — Mozilla

Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...

CVE-2005-0230

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files...

CVE-2004-2700

Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx...

Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog

Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...

Linux Kernel (<= 2.4.27 , 2.6.8) binfmt_elf Executable File Read Exploit

Exploit for linux platform in category local exploits ======================================================================== Linux Kernel include include include include include include include include define BADNAME "/tmp/elfdump" void usagechar s printf"\nUsage: %s executable\n\n", s; exit0; ...

Linux Kernel 2.4.27/2.6.8 - &#039;binfmt_elf&#039; Executable File Read

/ binfmtelf executable file read vulnerability gcc -O3 -fomit-frame-pointer elfdump.c -o elfdump Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING, PRINTING, DISTRIBUTION, MODIFICATI...

Linux Kernel (&lt;= 2.4.27 2.6.8) binfmt_elf Executable File Read Exploit

No description provided by source. / binfmtelf executable file read vulnerability gcc -O3 -fomit-frame-pointer elfdump.c -o elfdump Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING,...