2042 matches found
CVE-2006-0922
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php aka upload.php that allows remote attackers to upload arbitrary files vi...
Path traversal
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames...
CVE-2006-0873
CVE-2006-0873 affects Coppermine Photo Gallery (docs/showdoc.php, f parameter). It is an absolute path traversal / local file inclusion vulnerability allowing arbitrary file inclusion, potentially from Windows UNC shares. Affected: Coppermine Photo Gallery 1.4.3 and earlier. Root cause: unsanitiz...
CVE-2006-0795
CVE-2006-0795 affects Quirex convert.cgi (versions 2.0.2 and earlier). The vulnerability is an absolute path traversal via the quiz_head, quiz_foot, and template variables, allowing remote attackers to read arbitrary files and, per sources, possibly execute code. Exploit is reported as available,...
Path traversal
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive...
CVE-2006-0785
Absolute path traversal vulnerability in include.php of PHPKIT
CVE-2005-4068
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors...
CVE-2005-4068
The CVE-2005-4068 entry concerns an unspecified absolute path vulnerability in the AIX utility umountall, affecting IBM AIX 5.1–5.3 with local-access implications (exact impact and vectors not disclosed in the provided documents). Connected sources identify vendor patches related to bos.rte.files...
CVE-2004-2595
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it...
CVE-2005-3749
CVE-2005-3749 concerns IBM AIX 5.2/5.3 diagela (diagela.sh) with unspecified absolute path vulnerabilities. Connected documents indicate remediation via AIX security patches for bos.diag.rte: U477539 (AIX 5.2 TL 8) and U800632 (AIX 5.3 TL 4). These patches address the security of the diag.rte pac...
CVE-2005-3749
Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors...
VulnCheck KEV: CVE-2005-3738
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion...
CVE-2005-3431
CVE-2005-3431 describes an absolute path traversal vulnerability in Rockliffe MailSite Express prior to 6.1.22. The issue allows remote attackers to read arbitrary files by supplying a full pathname in the AttachPath field of a mail message under composition. The provided sources confirm the affe...
CVE-2004-2507
The CVE-2004-2507 entry concerns the Linksys WVC11B Wireless-B Internet Video Camera. Affected software: main.cgi. Vulnerability type: absolute path traversal, exploitable via an absolute pathname provided in the next_file parameter. Root cause: improper handling of file paths in main.cgi allows ...
CVE-2004-2507
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter...
CVE-2005-2378
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU...
CVE-2005-2371
Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case ...
CVE-2005-1485
Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message...