CVE-2005-2140

Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter...

CVE-2006-0543

Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service client crash via an AIM message containing the Mac encoded Rich Text Format RTF escape sequences 1 'd1, 2 'd2, 3 'd3, 4 'd4, and 5 'd5. NOTE: the provenance of this information is unknown; the details are obtained...

CVE-2005-4712

CRLF injection vulnerability in processsignup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well...

CVE-2002-2167

Directory traversal vulnerability in functionfoot1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. dot dot sequences terminated by a null character in the $designNo variable, which is part of an "include" function call...

CVE-2002-2154

Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. dot dot sequences...

CVE-2002-2128

editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. dot dot sequences in the file parameter...

CVE-2002-1761

Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. dot dot sequences...

CVE-2005-1691

Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request...

CVE-2002-1718

Microsoft Internet Information Server IIS 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension FPSE file, as claimed using an HTTP request for colegal.htm that contains .. dot dot sequences...

CVE-2008-3685

Directory traversal vulnerability in awstmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to T...

CVE-2009-3693

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control XUpload.ocx in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. backwards slash dot dot sequences in the third argument to the MakeHttpRequest method...

CVE-2005-0574

Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. dot dot sequences in the URL...

CVE-2000-1229

Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." dot dot sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3...

CVE-2006-2105

Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 null character in the n parameter...

CVE-1999-1590

Directory traversal vulnerability in Muhammad A. Muquit wwwcount Count.cgi 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021...

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat (CVE-2025-31650 & CVE-2025-31651)

Summary IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-31650 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HT...

Improper Neutralization of Escape, Meta, or Control Sequences

Overview Affected versions of this package are vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences via the Hubble CLI terminal output processing. An attacker can manipulate the output to conceal log entries, rewrite output, or make the terminal temporarily unusable by...

K000151397: Apache Tomcat vulnerabilities CVE-2025-31650, CVE-2025-31651

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1575)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1496)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...