The software, when opening a file or directory, does not sufficiently handle the case in which the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

The software, when opening a file or directory, does not sufficiently handle the case in which the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.

The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).

Software operating in a Mac OS environment, where .DS_Store is in effect, must carefully manage hard links; otherwise an attacker may be able to leverage a hard link from .DS_Store to overwrite arbitrary files and gain privileges.

The software does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.

The software allows user input to control or influence paths or file names that are used in filesystem operations.

The software does not adequately filter user-controlled input for special elements with control implications.

The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.



© 2013 SecPod Technologies