spaces software vulnerabilities
vulnerabilities.aspcode.net
Searching spaces software vulnerabilities
Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client.
aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.
The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon.
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.
Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID.
Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.
Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as " ") in the middle of the URL.
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
Software vulnerabilities results 1 to 20 of 22