6483 matches found
CVE-2008-6960
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php...
DOMPDF Arbitrary File Read <= 0.5.1
DOMPDF Arbitrary File Read <= 0.5.1 Discovered by: Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ believe in full disclosure Advisory URL: http://yehg.net/lab/pr0js/view.php/Apache20Security20Bypass20Vul20DomPDF.pd...
CVE-2009-2557
The vulnerability CVE-2009-2557 affects Admin News Tools 2.5, with a directory traversal flaw in system/download.php that permits reading arbitrary files via a .. sequence in the fichier parameter. This is described across multiple sources (NVD entry for CVE-2009-2557 and OpenVAS detail for Admin...
CVE-2009-2398
CVE-2009-2398: Affected software is PHP-Sugar 0.80, vulnerable in test/index.php. The vulnerability is a directory traversal via the t parameter using a ..// sequence, allowing a remote attacker to read arbitrary files. Connected sources corroborate the same description (NVD/NVD mirrors). No exp...
Fedora Core 11 FEDORA-2009-5769 (ocsinventory)
The remote host is missing an update to ocsinventory announced via advisory FEDORA-2009-5769. OpenVAS Vulnerability Test $Id: fcore20095769.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-5769 ocsinventory Authors: Thomas Reinke Copyright: Copyright...
Fedora 11 : ocsinventory-1.02.1-1.fc11 (2009-5769)
2 Security fixes - CVE-2009-1769 OCS Inventory NG: Authentication result varies for existent and non-existent users - SQL injection and Unauthenticated Arbitrary File Read Some Other minor bug fixes http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=140&cntnt01r...
Fedora 9 : ocsinventory-1.02.1-1.fc9 (2009-5764)
2 Security fixes - CVE-2009-1769 OCS Inventory NG: Authentication result varies for existent and non-existent users - SQL injection and Unauthenticated Arbitrary File Read Some Other minor bug fixes http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=140&cntnt01r...
Fedora 10 : ocsinventory-1.02.1-1.fc10 (2009-5773)
2 Security fixes - CVE-2009-1769 OCS Inventory NG: Authentication result varies for existent and non-existent users - SQL injection and Unauthenticated Arbitrary File Read Some Other minor bug fixes http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=140&cntnt01r...
Directory traversal
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter...
Fedora Core 9 FEDORA-2009-3283 (moodle)
The remote host is missing an update to moodle announced via advisory FEDORA-2009-3283. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Fedora 9 : moodle-1.9.4-6.fc9 (2009-3283)
CVE-2009-1171: The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a '$$' sequence, which causes LaTeX to include the contents of the file. Upstream bug and CVS commit:...
CVE-2009-1171
The vulnerability CVE-2009-1171 affects Moodle’s TeX filter in Moodle 1.6 (before 1.6.9+), 1.7 (before 1.7.7+), 1.8 (before 1.8.9), and 1.9 (before 1.9.5). A user-assisted attacker can cause LaTeX to read and include arbitrary files by crafting an input command within a "$${...}$" sequence. This l...
CVE-2009-1171
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file...
pluck 4.6 read arbitrary files vulnerability! - Vulnerability warning - the black bar safety net
by:xhming data/modules/albums/pagesadmin/albumsgetimage.php .................................... $image = $GET'image'; if ! ereg dividing"thumb", $image if pregmatch". /A-Za-z0-9. 0,11", $image, $matches if $image != $matches0 unset$image; die"A hacking attempt has been detected. For security...
Directory traversal
Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the defaultlanguage parameter...
CVE-2008-6183
CVE-2008-6183 affects My PHP Indexer 1.0. The vulnerability is in index.php where the d and f parameters can be used to perform a directory traversal using .., allowing remote attackers to read arbitrary files. The CVSSv2 base score is 7.8 (HIGH) with network access and no authentication required...
CVE-2008-6139
CVE-2008-6139 describes a directory traversal vulnerability in WebBiscuits Modules Controller 1.1, where the download parameter in faqsupport/wce.download.php can be manipulated with .. to read arbitrary files. Supported by NVD/NIST records and multiple references; exploitation details are not de...
PT-2009-2988 · Ninja · Ninja Blog
Name of the Vulnerable Software and Affected Versions: Ninja Blog version 4.8 Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the entries/index.php file when magic_quotes_gpc is disabled. This is achieved by using a .. (dot dot) i...
PT-2009-2954 · Tftputil · Tftputil Gui
Name of the Vulnerable Software and Affected Versions: TFTPUtil GUI versions 1.2.0 through 1.3.0 Description: A directory traversal issue allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request, such as "/../" or "/../../"...
RSS Simple News SQL Injection
#!/usr/bin/perl Coded by Piker pikerdotther00tatgmaildotcom D.O.M Team piker,ka0x,an0de,xarnuz 2008 Security Researchers RSS Simple News Remote SQL Injection Exploit http://sourceforge.net/projects/rss-simple-news/ This exploit tries to read an arbitrary file. It needs magic_quotes_gpc=off...