Lucene search
+L

35 matches found

CVE
CVE
added 2007/09/18 10:0 p.m.58 views

CVE-2007-4963

The CVE concerns WinImage 8.10 and earlier, which has a visual truncation vulnerability in filenames inside .IMG or .ISO files. A long sequence of space characters in a destination filename can be used to spoof the target name, and this can be combined with a separate directory traversal vulnerab...

9.3CVSS6.7AI score0.01989EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/09/18 10:0 p.m.36 views

CVE-2007-4962

The CVE-2007-4962 entry affects WinImage up to version 8.10. A directory traversal flaw lets an attacker place or overwrite files by crafting a filename containing .. within a .IMG or .ISO image, potentially enabling code execution by writing to a Startup folder. The NVD entry and related records...

9.3CVSS7.3AI score0.05989EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2007/09/18 10:0 p.m.26 views

CVE-2007-4964

WinImage 8.10 and earlier allows remote attackers to cause a denial of service infinite loop via an invalid BPBBytsPerSec field in the header of a .IMG file...

6.6AI score0.0281EPSS
Exploits1References5
Cvelist
Cvelist
added 2007/09/18 10:0 p.m.23 views

CVE-2007-4963

Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a 1 .IMG or 2 .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a caref...

6.7AI score0.01989EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/09/18 10:0 p.m.24 views

CVE-2007-4962

Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. dot dot in a filename within a 1 .IMG or 2 .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder...

7.3AI score0.05989EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2007/09/18 12:0 a.m.31 views

winimage-traverse.txt

Team Vexillium Security Advisory http://vexillium.org/ Name : WinImage 8.10 Multiple Vulnerabilities Class : Denial of Service and Directory Traversal Threat level : LOW DoS, MED Dir. traversal vuln Discovered : 2007-08-31 Published : 2007-09-15 Credit : j00ru//vx Vulnerable : WinImage 8.10,...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/09/18 12:0 a.m.12 views

WinImage映象文件拒绝服务和目录遍历漏洞

WinImage是一款可将文件或是文件夹制成镜像文件的程序。 WinImage不正确处理映象数据,远程攻击者可以利用漏洞对应用程序进行拒绝服务和目录遍历攻击。 问题一是FAT映象处理函数中存在问题,特殊构建一个特定的头字段修改过的.img文件,可导致进入无限循环而造成拒绝服务攻击。 问题二是.img和.iso映象文件处理不正确检查包含".."字符的文件名和目录名,可导致在文件展开时绕过目录限制,覆盖或建立任意文件。 WinImage WinImage 8.10 WinImage WinImage 8.0 目前没有解决方案提供:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/09/17 12:0 a.m.14 views

WinImage 8.08.10 - .IMG File BPB_BytsPerSec Field Denial of Service

WinImage 8.08.10 - .IMG File BPBBytsPerSec Field Denial of Service source: https://www.securityfocus.com/bid/25687/info WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attacker...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2007/09/17 12:0 a.m.9 views

WinImage 8.08.10 - File Handling Traversal Arbitrary File Overwrite

WinImage 8.08.10 - File Handling Traversal Arbitrary File Overwrite source: https://www.securityfocus.com/bid/25687/info WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attacke...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2007/09/17 12:0 a.m.22 views

WinImage 8.0/8.10 - '.IMG' File BPB_BytsPerSec Field Denial of Service

source: https://www.securityfocus.com/bid/25687/info WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2007/09/17 12:0 a.m.19 views

WinImage 8.0/8.10 - File Handling Traversal Arbitrary File Overwrite

source: https://www.securityfocus.com/bid/25687/info WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write...

7AI score
Exploits0
Prion
Prion
added 2007/05/18 10:30 p.m.16 views

Heap overflow

Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers 1 a stack-based buffer overflow during extraction, or 2 a heap-based buffer...

9.3CVSS8.6AI score0.05724EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2007/05/18 10:30 p.m.16 views

CVE-2007-2758

Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers 1 a stack-based buffer overflow during extraction, or 2 a heap-based buffer...

9.3CVSS8AI score0.05724EPSS
Exploits0References8
CVE
CVE
added 2007/05/18 10:0 p.m.52 views

CVE-2007-2758

WinImage 8.0.8000 contains multiple buffer overflows that can be triggered by a FAT image with long directory names in deeply nested structures. The vulnerabilities can lead to user‑assisted remote code execution via (1) a stack‑based overflow during extraction or (2) a heap‑based overflow during...

9.3CVSS8AI score0.05724EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2007/05/18 10:0 p.m.19 views

CVE-2007-2758

Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers 1 a stack-based buffer overflow during extraction, or 2 a heap-based buffer...

8AI score0.05724EPSS
Exploits0References8
Rows per page
Query Builder