2042 matches found
CVE-2006-6384
CVE-2006-6384 affects the aBitWhizzy web application component abitwhizzy.php, prior to version 20061204. The vulnerability is an absolute path traversal in the Filename field (f parameter) that allows remote attackers to read arbitrary files. The issue is a variant of CVE-2006-6084. Related entr...
CVE-2006-5971
CVE-2006-5971 describes an absolute path traversal vulnerability in Verity Ultraseek (admin/logfile.txt) prior to version 5.6.2. An attacker could read arbitrary files by supplying a crafted name variable, enabling partial confidentiality impact. The issue is rooted in improper validation of file...
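IBM AIX UMOUNTALL Command Absolute Path Vulnerability
IBM AIX is a commercial UNIX operating system. The umountall command in IBM AIX has a security vulnerability when handling absolute paths. No further information is currently available. IBM AIX 5.3 IBM AIX 5.2 IBM AIX 5.1 Vendor patch: IBM --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: IBM APAR IY79485 http://www-1.ibm.com/support/docview.wss?uid=isg1IY79485 IBM APAR IY75283...
DVBBS (Dongwang) Absolute Path Disclosure Vulnerability
The problem is at line 44 of DvClsMain.asp: CacheName = LcaseReplaceReplaceReplaceServer.MapPath"index.asp","index.asp","",":","","\\\\","" and line 46: Forumsn = ReplaceCacheName,"","" Here the web absolute path is placed into Forumsn and then returned to the client in the form of a cookie, which leaks the web absolute path. DVBBS 7.1.0 Update to the latest patch....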
P-News 1.16 - Remote File Inclusion
============================================ P-News 1.16, 1.17 Remote File Inclusion Vulnerability ============================================ Discovered by vegas78 - feel82atweb.de ============================================ Greetz: scoper, corny, smaesch0r, Sascha Schmalz, ReFleCtion, BleX,...
PT-2006-5738 · Joomla · Bsq Sitestats
Name of the Vulnerable Software and Affected Versions: BSQ Sitestats bsq sitestats versions prior to 2.1.1 for Joomla! Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig absolute path parameter. This can be exploited by sending a malicious URL ...
PT-2006-5349 · Joomla +1 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: Mambo and Joomla Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig absolute path parameter in the JIM component. Recommendations: For Mambo and Joomla, as a temporary...
CVE-2006-4369
CVE-2006-4369 affects IntegraMOD Portal 2.x and earlier. The vulnerability resides in the PHP file includes/functions_portal.php and is exploitable when magic_quotes_gpc is disabled. An attacker can perform an absolute path traversal by supplying an absolute path to the phpbb_root_path parameter...
PT-2006-5183 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! com rssxt component versions prior to 2.0 Beta 1 Description: The issue concerns remote file inclusion vulnerabilities in the Rssxt component for Joomla!. Remote attackers may be able to execute arbitrary PHP code via a URL in the...
CVE-2006-4258
CVE-2006-4258 affects Anti-Spam SMTP Proxy (ASSP). The vulnerability is an absolute path traversal in the get functionality, allowing remote authenticated users to read arbitrary files via file parameter values such as C:\ or UNC paths. Documents confirm the affected component and the underlying ...
PT-2006-5074 · Mambo · Mambo
Name of the Vulnerable Software and Affected Versions: Mambo com lmtg myhomepage component affected versions not specified Description: The issue concerns multiple PHP remote file inclusion vulnerabilities in the com lmtg myhomepage component for Mambo. These vulnerabilities allow remote attacker...
WEBInsta MM <= 1.3e (absolute_path) Remote File Include Exploit
Exploit for unknown platform in category web applications =============================================================== WEBInsta MM WEBInsta Mailing List Manager function milw0rm if document.exploit.target.value=="" alert"Enter a Target"; return false; exploit.action=...
CVE-2006-3934
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter...
CVE-2006-3934
Affected software: Alkacon OpenCms prior to 6.2.2. Vulnerability: Absolute path traversal in downloadTrigger.jsp via the filePath parameter, allowing remote authenticated users to download arbitrary files. Root cause: improper handling/validation of absolute pathnames in filePath. Impact: pot...
Joomla com_bayesiannaivefilter Component <= 1.1 Inclusion Vulnerability
No description provided by source. Pablin77 - XTech Inc Group combayesiannaivefilter Mambo Component Remote File Inclusion mosConfigabsolutepath Discovered By Pablin77 contact: Pablin77 at Argentina dot com Lebanon-Israel...STOP! No War!!! peace, that's all This is a massive cyber-protest, we are...
mammoodle.txt
Mam - Moodle Remote File Include ------------------------------------------------------------------------------------ Bug Found by: jank0 greetz: hackbsd crew risk: dangerous this bug allows a remote attacker to execute commands via rfi path: ?mosConfigabsolutepath= xpl:...
Echo Security Advisory 2006.40
ECHO.OR.ID ECHOADV40$2006 --------------------------------------------------------------------------------------------------- ECHOADV40$2006 iManage CMS = 4.0.12 absolutepath Remote File Inclusion ---------------------------------------------------------------------------------------------------...
Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities
--------------------------------------------------------------------------------- Calendar Mambo Module = 1.5.7 Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Matdhule Contact : [email protected] Web :...
New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities
--------------------------------------------------------------------------------- New Article Mambo Component = 1.0 comarticles.php Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Ahmad Maulana a.k.a Matdhule Date : Ju...
multibanners Mambo Component <= 1.0.1 Remote Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================================== multibanners Mambo Component = 1.0.1 Remote Inclusion Vulnerability ==================================================================== SolpotCrew Community Com...