Path traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action...
CVE-2012-4878
FlatnuX CMS 2011 08.09.2 is affected by an absolute path traversal in controlcenter.php, allowing remote administrators to read arbitrary files via a full pathname supplied in the dir parameter of a contents/Files action. The underlying issue is a path traversal vulnerability that enables access ...
CVE-2012-2421
Absolute path traversal vulnerability in the intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a...
Path traversal
Absolute path traversal vulnerability in the intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a...
CVE-2012-2421
CVE-2012-2421 describes an absolute path traversal vulnerability in the Intuit QuickBooks Help System (HelpAsyncPluggableProtocol.dll) used by the intu-help-qb handlers. Affected products are QuickBooks 2009–2012 when Internet Explorer is used. The issue could allow an attacker to read arbitrary ...
CVE-2012-1790
CVE-2012-1790 affects Webgrind 1.0 and 1.0.2, enabling absolute path traversal via the file parameter to index.php. Exploitation allows reading arbitrary files; multiple sources (NVD, Veracode, PRION, CVE lists) corroborate the path traversal description. No vendor-specific patch/version is provi...
Path traversal
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter...
CVE-2012-0896
CVE-2012-0896 affects the WordPress Count Per Day plugin: the f parameter of download.php allows absolute path traversal to read arbitrary files. The issue is in Count Per Day
php: file path injection vulnerability in RFC1867 file upload filename
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...
Path traversal
Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI...
CVE-2011-4788
CVE-2011-4788 is an absolute path traversal vulnerability in the web interface of HP StorageWorks P2000 G3 MSA array systems. The issue allows a remote attacker to read arbitrary files by supplying a pathname in the URI. Connected sources confirm impact on HP P2000 G3 MSA devices and identify the...
CVE-2011-4532
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager ALM 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method...
CVE-2011-4675
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading tilde characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolu...
Path traversal
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading tilde characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolu...
Ubuntu Update for php5 USN-1231-1
Ubuntu Update for Linux kernel vulnerabilities USN-1231-1 OpenVAS Vulnerability Test $Id: gb_ubuntu_USN_1231_1.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for php5 USN-1231-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1231-1)
Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options...
CVE-2011-0203
Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing...
Path traversal
Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing...
CVE-2011-0203
CVE-2011-0203 describes an absolute path traversal in Apple Mac OS X’s xftpd FTP Server (Mac OS X Server) before 10.6.8. An FTP user could trigger a recursive listing starting from the root, revealing directories not shared for FTP. The vulnerability’s impact is limited to directory listing expos...