path names software vulnerabilities
vulnerabilities.aspcode.net
Searching path names software vulnerabilities
Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names.
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output.
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified.
Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges.
index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message.
IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names.
Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allow remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message.
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.
Software vulnerabilities results 1 to 20 of 1605