
6481 matches found

Exploit DB
added 2007/05/10 12:0 a.m. · 23 views

Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure

source: https://www.securityfocus.com/bid/23915/info Sun Microsystems Solaris is prone to a local information-disclosure vulnerability due to a design error. A local attacker may exploit this issue to access sensitive information, including superuser password information, that may lead to further...

7.4 AI score
Exploits 0
Cvelist
added 2007/05/04 1:0 a.m. · 24 views

CVE-2007-2507

Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter...

6.7 AI score · 0.03476 EPSS
Exploits 1 · References 7
CVE
added 2007/05/03 5:0 p.m. · 43 views

CVE-2007-2486

The CVE-2007-2486 entry describes a directory traversal vulnerability in Motobit (aka PStruh-CZ) using the file parameter of download.asp. Affected versions are Motobit 1.3 and 1.5. The root cause is improper handling of the File parameter, enabling an attacker to read arbitrary files via a “..”...

5 CVSS · 6.7 AI score · 0.06643 EPSS
Exploits 0 · References 5 · Affected Software 1
CVE
added 2007/04/30 11:0 p.m. · 46 views

CVE-2007-2368

WebSPELL 4.01.02 (and earlier) is affected in picture.php, where the file parameter can be abused to read arbitrary files. Root cause: improper handling of the file parameter allows remote attackers to access files, with no authentication and network-based access. The issue has an NVD CVSS v2 base ...

5 CVSS · 6.7 AI score · 0.02286 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2007/03/16 9:0 p.m. · 64 views

CVE-2007-1478

CVE-2007-1478 affects McGallery 0.5b where download.php can be abused to read arbitrary files and reveal script source code via the filename parameter. This is a remote-access risk (attack surface via web requests) that enables partial confidentiality loss. The available documents describe the vu...

5 CVSS · 6.9 AI score · 0.02496 EPSS
Exploits 1 · References 4 · Affected Software 1
Prion
added 2007/03/03 7:19 p.m. · 16 views

Directory traversal

Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManagercurrentTheme cookie...

5.1 CVSS · 7.1 AI score · 0.37526 EPSS
Exploits 2 · References 6 · Affected Software 1
CVE
added 2007/02/12 7:0 p.m. · 47 views

CVE-2006-7001

CVE-2006-7001 describes a directory traversal in PhpMyChat Plus 1.9 and earlier. The vulnerable component is the avatar.php handler, where an attacker can supply a "L" parameter containing ".." to read arbitrary files on the server. This mirrors the established issue family in PhpMyChat Plus 1.9 ...

7.1 CVSS · 6.4 AI score · 0.01602 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2007/01/23 12:0 a.m. · 22 views

CVE-2007-0412

BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files...

6.8 AI score · 0.01881 EPSS
Exploits 0 · References 6
CVE
added 2007/01/19 11:0 p.m. · 38 views

CVE-2007-0389

The CVE-2007-0389 issue affects ArsDigita Community System (ACS) 3.4.10 and earlier and ArsDigita Community Education Solution (ACES) 1.1. It is a directory traversal vulnerability that lets an attacker read arbitrary files by sending URIs containing double-encoded sequences like .%252e/. The pro...

7.8 CVSS · 6.7 AI score · 0.02829 EPSS
Exploits 1 · References 5 · Affected Software 2
CVE
added 2007/01/04 10:0 p.m. · 51 views

CVE-2007-0055

CVE-2007-0055 describes a directory traversal vulnerability in Formbankserver 1.9, specifically in the formbankcgi.exe/AbfrageForm component. The underlying issue is that an attacker can cause the application to read arbitrary files by supplying directory traversal sequences in the Name parameter...

5 CVSS · 6.5 AI score · 0.02853 EPSS
Exploits 0 · References 5 · Affected Software 1
RedHat Linux
added 2006/11/27 3:42 p.m. · 3 views

security flaw

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server jbossas 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager...

7.5 CVSS · 6.1 AI score · 0.13513 EPSS
Exploits 2 · References 4
seebug.org
added 2006/11/26 12:0 a.m. · 43 views

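Links ELinks SMBClient Remote Command Execution Vulnerability

Links ELinks is a web browser. Links ELinks has a flaw that allows a malicious web site to execute smbclient commands on the target machine; this flaw may lead to reading arbitrary files from the target system, or to uploading malicious files to the target system and executing them. The problematic code is as follows: smbfunc in smb.c: ... 143 if share 144 if !dir || dirstrlendir - 1 == '/' || dirstrlendir - 1 == '\' 145 if dir 146 vn++ = "-D"; 147 vn++ = dir; 148 149 vn++ = "-c"; 150 vn++ =...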

7 AI score
Exploits 0
Positive Technologies
added 2006/11/24 12:0 a.m. · 6 views

PT-2006-6729 · Abitwhizzy · Abitwhizzy

Name of the Vulnerable Software and Affected Versions: aBitWhizzy, affected versions not specified. Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the abitwhizzy.php file. This is achieved by including a .. (dot dot) in the f...

5 CVSS · 6.3 AI score · 0.03886 EPSS
Exploits 1 · References 11
CVE
added 2006/11/21 11:0 p.m. · 36 views

CVE-2006-6033

CVE-2006-6033 affects Simple PHP Blog (SPHPBlog), likely version 0.4.8. It enables directory traversal via a .. sequence in the blog_theme parameter in multiple PHP scripts (index.php, add_cgi.php, add_link.php, login.php, template.php, contact.php), allowing remote attackers to read arbitrary fi...

7.5 CVSS · 7.6 AI score · 0.01586 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2006/11/21 12:0 a.m. · 5 views

PT-2006-6675 · Dosepa · Dosepa

Name of the Vulnerable Software and Affected Versions: DoSePa version 1.0.4. Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) sequence or absolute file path in the file parameter. Recommendations: For version...

5 CVSS · 6.7 AI score · 0.03315 EPSS
Exploits 1 · References 7
Positive Technologies
added 2006/10/20 12:0 a.m. · 4 views

PT-2006-6156 · Phpadsnew · Phpadsnew

Name of the Vulnerable Software and Affected Versions: phpAdsNew version 2.0.8. Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the phpAds configlanguage parameter in the "upgrade.php" file...

5 CVSS · 7.3 AI score · 0.01554 EPSS
Exploits 0 · References 5
OSV
added 2006/09/27 11:7 p.m. · 3 views

DEBIAN-CVE-2006-5031

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename...

5 CVSS · 6.9 AI score · 0.07342 EPSS
Exploits 1 · References 1
CVE
added 2006/09/09 12:0 a.m. · 48 views

CVE-2006-4294

The CVE-2006-4294 issue affects TWiki’s viewfile in TWiki versions 4.0.0 through 4.0.4, where a directory traversal via a .. sequence in the filename parameter allows remote attackers to read arbitrary files on the server subject to the web server user’s privileges. The available connected docume...

5 CVSS · 6.7 AI score · 0.03749 EPSS
Exploits 1 · References 5 · Affected Software 1
RedHat Linux
added 2006/08/02 6:39 p.m. · 4 views

security flaw

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...

4.3 CVSS · 7.5 AI score · 0.02234 EPSS
Exploits 0 · References 4
CVE
added 2006/06/02 1:0 a.m. · 53 views

CVE-2006-2758

CVE-2006-2758 is a directory traversal vulnerability in Jetty 6.0.x (jetty6) beta16. A remote attacker can read arbitrary files by using an encoded path like %2e%2e%5c (../) in the URL, potentially impacting confidentiality. The issue is noted to possibly be the same as CVE-2005-3747. The connect...

5 CVSS · 6.3 AI score · 0.04013 EPSS
Exploits 1 · References 1 · Affected Software 1