8905 matches found
NOD32 Antivirus ARJ Archive Filename Handling Overflow
The remote host is running NOD32 Antivirus, from eset. The installed version of NOD32 Antivirus is reportedly prone to a heap-based buffer overflow when processing ARJ archives with long filenames. An attacker may be able to exploit this issue to execute arbitrary code on the remote host. C Tenab...
CVE-2005-2856
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including 1 ALZip 5.51 through 6.11, 2 Servant Salamander 2.0 and 2.5 Beta 1, 3 WinHKI 1.66 and 1.67, 4 ExtractNow 3.x, 5 Total Commander 6.53, 6 Anti-Trojan 5.5.421,...
CVE-2005-2102
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service application crash via a filename that contains invalid UTF-8 characters...
CVE-2004-2384
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service crash by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line...
gaim -- AIM/ICQ non-UTF-8 filename crash
The GAIM team reports: A remote user could cause Gaim to crash on some systems by sending the Gaim user a file whose filename contains certain invalid characters. It is unknown what combination of systems are affected, but it is suspected that Windows users and systems with older versions of GTK+...
MDaemon 8.0 - Content Filter Directory Traversal
source: https://www.securityfocus.com/bid/14400/info MDaemon server is prone to a directory traversal vulnerability due to improper sanitization of user input. Failure to sanitize the filename and path may result in compromise of the file system outside of the application's quarantine directory...
CVE-2004-2284
The readlistfromfile function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument...
CVE-2004-2255
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...
CVE-2005-2195
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service application crash via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502...
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript EPS file...
CVE-2001-1562
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename...
CVE-2001-1562
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename...
FreeBSD : portupgrade -- insecure temporary file handling vulnerability (22f00553-a09d-11d9-a788-0001020eed82)
Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...
CVE-2004-2187
Technical details are not publicly available in the provided documents for CVE-2004-2187; the description remains generic (MediaWiki 1.3.5 and filename validation) with unknown impact vectors. Monitor for updates as more information becomes available.
CVE-2004-2187
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...
CVE-2004-2187
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors...
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/dbbackups directory in PHP-Fusion 6.0 ...
CVE-2002-1812
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter...
CVE-2002-1692
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up...
CVE-2005-1994
Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e"...