
611 matches found

OSV
added 2006/09/11 5:4 p.m. · 1 views

DEBIAN-CVE-2006-4675

Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors...

7.5 CVSS · 6.8 AI score · 0.01414 EPSS
Exploits 1 · References 1

CVE
added 2006/09/11 5:0 p.m. · 46 views

CVE-2006-4675

The CVE-2006-4675 entry corresponds to an Unrestricted file upload vulnerability in DokuWiki (lib/exe/media.php) prior to 2006-03-09c, allowing remote attackers to upload executable files into the data/media folder via unspecified vectors. Several connected sources (NVD, OSV, Gentoo GLSA, FreeBSD...

7.5 CVSS · 6.3 AI score · 0.01414 EPSS
Exploits 1 · References 6 · Affected Software 1

Debian CVE
added 2006/09/11 5:0 p.m. · 19 views

CVE-2006-4675

Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors...

7.5 CVSS · 6.5 AI score · 0.01414 EPSS
Exploits 1

NVD
added 2006/09/07 12:4 a.m. · 11 views

CVE-2006-4617

Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder...

7.5 CVSS · 7.4 AI score · 0.00636 EPSS
Exploits 0 · References 2

FreeBSD
added 2006/07/05 12:0 a.m. · 28 views

twiki -- multiple file extensions file upload vulnerability

A TWiki Security Alert reports: The TWiki upload filter already prevents executable scripts such as .php, .php1, .phps, .pl from potentially getting executed by appending a .txt suffix to the uploaded filename. However, PHP and some other types allows additional file suffixes, such as .php.en,...

4 CVSS · 6.5 AI score · 0.01059 EPSS
Exploits 2 · References 2

Saint
added 2006/07/03 12:0 a.m. · 72 views

IIS Unicode Directory Traversal

Added: 07/03/2006. CVE: CVE-2000-0884. BID: 1806. OSVDB: 436. Background: Microsoft IIS is a web server for Windows platforms. Problem: Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by encoding invalid characters in Unicode. For example, a slash character is represented as %c0%a...

7.5 CVSS · 6.8 AI score · 0.84066 EPSS
Exploits 4

securityvulns
added 2006/03/13 12:0 a.m. · 47 views

Multiple Firebird vulnerabilities

A few executable files are installed suid firebird; one of them has a buffer overflow...

2.8 AI score
Exploits 0 · References 1 · Affected Software 1

FreeBSD
added 2006/01/09 12:0 a.m. · 28 views

clamav -- possible heap overflow in the UPX code

The Zero Day Initiative reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files...

7.5 CVSS · 7 AI score · 0.27999 EPSS
Exploits 0 · References 3

CVE
added 2005/10/23 4:0 a.m. · 44 views

CVE-2005-3288

Mailsite Express is affected by CVE-2005-3288. Remote attackers can upload and execute files with executable extensions (e.g., ASP) by attaching the file via the compose page and then accessing it from the cache directory before saving or sending the message. The vulnerability is documented acros...

5 CVSS · 7.4 AI score · 0.00559 EPSS
Exploits 0 · References 1 · Affected Software 1

Debian CVE
added 2005/10/23 4:0 a.m. · 15 views

CVE-2005-3291

Removed by vendor...

4.6 CVSS · 6.9 AI score · 0.00146 EPSS
Exploits 0

securityvulns
added 2005/08/31 12:0 a.m. · 29 views

Adobe Version Cue multiple vulnerabilities

Executable files are writable. It's possible to attach user's library to suid executable. Symbolic links problem...

4.4 AI score
Exploits 0 · References 4 · Affected Software 1

securityvulns
added 2005/06/29 12:0 a.m. · 22 views

DSX Raritan Console Servers weak permissions

Executable files are writable by unprivileged users...

5.3 AI score
Exploits 0 · References 1

Gentoo Linux
added 2005/06/08 12:0 a.m. · 22 views

SilverCity: Insecure file permissions

Background: SilverCity provides lexical analysis for over 20 programming and markup languages. Description: The SilverCity package installs three executable files with insecure permissions. Impact: A local attacker could modify the executable files, causing arbitrary code to be executed with the...

7.8 CVSS · 6.7 AI score · 0.0017 EPSS
Exploits 0

NVD
added 2005/05/02 4:0 a.m. · 19 views

CVE-2005-0230

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files...

5.1 CVSS · 6.9 AI score · 0.0221 EPSS
Exploits 1 · References 10

Positive Technologies
added 2005/04/07 12:0 a.m. · 1 views

PT-2005-2067 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.x Description: The issue concerns a file upload script, specifically the mod for phpBB, which fails to properly restrict the types of files that can be uploaded. This allows remote authenticated users to execute arbitrary...

7.5 CVSS · 7.4 AI score · 0.00982 EPSS
Exploits 0 · References 5

securityvulns
added 2004/09/14 12:0 a.m. · 24 views

Insecure file permissions in the Firefox browser for Linux >= v0.9

After installing Firefox, many of the permissions are set to 777, allowing anyone on the system to change the contents of the executable files. This first occurred in the 0.9 release in the tar.gz release as well as in the installer. The problem, or is it called a feature now? still exists in the...

1.2 AI score
Exploits 0

securityvulns
added 2004/09/14 12:0 a.m. · 29 views

Mozilla Firefox weak permissions

Weak permissions for executable files...

2.1 AI score
Exploits 0 · References 1 · Affected Software 1

exploitpack
added 2004/08/23 12:0 a.m. · 13 views

Gadu-Gadu 6.0 - File Download Filename Obfuscation

Gadu-Gadu 6.0 - File Download Filename Obfuscation source: https://www.securityfocus.com/bid/11017/info Gadu-Gadu is a Polish instant messaging application for Microsoft Windows operating systems. It is reported that the Gadu-Gadu instant messenger application contains a weakness allowing attacke...

7.4 AI score
Exploits 0

exploitpack
added 2004/04/17 12:0 a.m. · 16 views

Symantec Norton AntiVirus 2002 - Nested File Manual Scan Bypass

Symantec Norton AntiVirus 2002 - Nested File Manual Scan Bypass source: https://www.securityfocus.com/bid/10164/info A vulnerability has been reported in Symantec Norton AntiVirus 2002 that may potentially cause deeply nested files with specific names to bypass manual scanning. This could permit...

7.4 AI score
Exploits 0

securityvulns
added 2003/07/02 12:0 a.m. · 31 views

Caché weak permissions

Weak permissions for executable files and directories...

2.4 AI score
Exploits 0 · References 2