40 matches found

Prion
added 2008/05/21 1:24 p.m. | 15 views

Code injection

Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument...

CVSS 6.8 | AI score 8.2 | EPSS 0.06861
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2008/05/21 10:0 a.m. | 24 views

CVE-2008-2390

Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument...

AI score 7.7 | EPSS 0.06861
Exploits: 0 | References: 2

NVD
added 2008/03/10 5:44 p.m. | 17 views

CVE-2008-1221

Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console aka eScan Server 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR get command...

CVSS 5 | AI score 6.7 | EPSS 0.03122
Exploits: 1 | References: 6

Prion
added 2007/10/26 6:46 p.m. | 17 views

Directory traversal

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...

CVSS 7.5 | AI score 7.7 | EPSS 0.03024
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2007/10/26 6:46 p.m. | 18 views

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...

CVSS 7.5 | AI score 7.3 | EPSS 0.03024
Exploits: 0 | References: 2

UbuntuCve
added 2007/10/26 6:46 p.m. | 24 views

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...

CVSS 7.5 | AI score 6.2 | EPSS 0.03024
Exploits: 0 | References: 1

Cvelist
added 2007/10/26 6:0 p.m. | 22 views

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) errorhandlerfile and (2) localphp parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the implanguage parameter to...

AI score 7.3 | EPSS 0.03024
Exploits: 0 | References: 2

Prion
added 2007/03/02 9:18 p.m. | 14 views

Path traversal

Absolute path traversal vulnerability in listmainpages.php in Cromosoft Simple Plantilla PHP SPP allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter...

CVSS 5 | AI score 7.3 | EPSS 0.02526
Exploits: 1 | References: 4

Cvelist
added 2007/02/27 6:0 p.m. | 27 views

CVE-2007-1138

Absolute path traversal vulnerability in listmainpages.php in Cromosoft Simple Plantilla PHP SPP allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter...

AI score 6.8 | EPSS 0.02526
Exploits: 1 | References: 4

Prion
added 2007/01/09 2:28 a.m. | 16 views

Path traversal

Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittagmp.cgi, or (4) edittagmp.pl...

CVSS 4.3 | AI score 7.4 | EPSS 0.02789
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2006/11/28 2:0 a.m. | 18 views

CVE-2006-6138

Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter...

AI score 6.8 | EPSS 0.02676
Exploits: 1 | References: 2

Cvelist
added 2005/07/26 4:0 a.m. | 22 views

CVE-2005-2372

Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module...

AI score 7.2 | EPSS 0.02864
Exploits: 1 | References: 2

NVD
added 2004/08/18 4:0 a.m. | 17 views

CVE-2004-0235

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes "//absolute/path"...

CVSS 6.4 | AI score 6.6 | EPSS 0.04122
Exploits: 3 | References: 13

Cvelist
added 2004/04/16 4:0 a.m. | 28 views

CVE-2004-0180

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...

AI score 6.4 | EPSS 0.01832
Exploits: 0 | References: 23

CVE
added 2003/03/18 5:0 a.m. | 42 views

CVE-2002-1423

The CVE-2002-1423 issue concerns FUDforum, where tmp_view.php before version 2.2.0 allows remote attackers to read arbitrary files through an absolute pathname supplied in the file parameter. The underlying vulnerability is a path traversal/unsafe file inclusion in the tmp_view.php handler, enabl...

CVSS 5 | AI score 7.1 | EPSS 0.03452
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2003/03/18 5:0 a.m. | 16 views

CVE-2002-1423

tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter...

AI score 6.7 | EPSS 0.03452
Exploits: 1 | References: 4

CVE
added 2003/03/18 5:0 a.m. | 40 views

CVE-2002-1525

CVE-2002-1525 concerns a directory traversal vulnerability in the ASTAware SearchDisk engine of Sun ONE Starter Kit 2.0. The flaw allows remote attackers to read arbitrary files via a .. (dot dot) path traversal on ports 6015 or 6016, or through an absolute pathname to port 6017. The available re...

CVSS 5 | AI score 7.1 | EPSS 0.08052
Exploits: 1 | References: 3 | Affected Software: 2

Cvelist
added 2003/03/18 5:0 a.m. | 15 views

CVE-2002-1545

CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response...

AI score 6.5 | EPSS 0.01324
Exploits: 0 | References: 1

CVE
added 2002/08/31 4:0 a.m. | 52 views

CVE-2002-1034

CVE-2002-1034 affects SunPS iRunbook 2.5.2. The vulnerability is triggered through none.php by supplying an absolute pathname as an argument, enabling remote attackers to read arbitrary files and potentially compromise confidentiality (and integrity per CVSS). The available connected documents pr...

CVSS 10 | AI score 7.1 | EPSS 0.04349
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2001/03/09 5:0 a.m. | 49 views

CVE-2001-0224

CVE-2001-0224 affects the Muscat Empower CGI program. A remote attacker can cause disclosure of the server’s absolute pathname via an invalid request in the DB parameter. The issue is demonstrated by a misleading DB parameter in a GET request to the CGI (e.g., GET /cgi-bin/empower?DB=whatever), w...

CVSS 5 | AI score 6.6 | EPSS 0.07315
Exploits: 1 | References: 3 | Affected Software: 1