Lucene search
K

6516 matches found

Prion
Prion
added 2007/03/03 7:19 p.m.17 views

Directory traversal

Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. dot dot in a SQLiteManagercurrentTheme cookie...

5.1CVSS7.1AI score0.37526EPSS
Exploits2References6Affected Software1
CVE
CVE
added 2007/02/12 7:0 p.m.48 views

CVE-2006-7001

CVE-2006-7001 describes a directory traversal in PhpMyChat Plus 1.9 and earlier. The vulnerable component is the avatar.php handler, where an attacker can supply a "L" parameter containing ".." to read arbitrary files on the server. This mirrors the established issue family in PhpMyChat Plus 1.9 ...

7.1CVSS6.4AI score0.01602EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2007/01/23 12:0 a.m.22 views

CVE-2007-0412

BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files...

6.8AI score0.01881EPSS
Exploits0References6
CVE
CVE
added 2007/01/19 11:0 p.m.39 views

CVE-2007-0389

The CVE-2007-0389 issue affects ArsDigita Community System (ACS) 3.4.10 and earlier and ArsDigita Community Education Solution (ACES) 1.1. It is a directory traversal vulnerability that lets an attacker read arbitrary files by sending URIs containing double-encoded sequences like .%252e/. The pro...

7.8CVSS6.7AI score0.02829EPSS
Exploits1References5Affected Software2
CVE
CVE
added 2007/01/04 10:0 p.m.53 views

CVE-2007-0055

CVE-2007-0055 describes a directory traversal vulnerability in Formbankserver 1.9, specifically in the formbankcgi.exe/AbfrageForm component. The underlying issue is that an attacker can cause the application to read arbitrary files by supplying directory traversal sequences in the Name parameter...

5CVSS6.5AI score0.02853EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2006/11/27 3:42 p.m.3 views

security flaw

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server jbossas 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager...

7.5CVSS6.1AI score0.13513EPSS
Exploits2References4
seebug.org
seebug.org
added 2006/11/26 12:0 a.m.44 views

Links ELinks SMBClient远程命令执行漏洞

Links ELinks是一款web浏览器。 Links ELinks存在一个缺陷,允许恶意web站点在目标机器上执行smbclient命令,此缺陷可能导致从目标系统上读取任意文件或者上传恶意文件到目标系统并执行。 具体问题代码如下: smbfunc in smb.c: ... 143 if share 144 if !dir || dirstrlendir - 1 == '/' || dirstrlendir - 1 == '\' 145 if dir 146 vn++ = "-D"; 147 vn++ = dir; 148 149 vn++ = "-c"; 150 vn++ =...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2006/11/24 12:0 a.m.6 views

PT-2006-6729 · Abitwhizzy · Abitwhizzy

Name of the Vulnerable Software and Affected Versions: aBitWhizzy affected versions not specified Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the abitwhizzy.php file. This is achieved by including a .. dot dot in the f...

5CVSS6.3AI score0.03886EPSS
Exploits1References11
CVE
CVE
added 2006/11/21 11:0 p.m.39 views

CVE-2006-6033

CVE-2006-6033 affects Simple PHP Blog (SPHPBlog), likely version 0.4.8. It enables directory traversal via a .. sequence in the blog_theme parameter in multiple PHP scripts (index.php, add_cgi.php, add_link.php, login.php, template.php, contact.php), allowing remote attackers to read arbitrary fi...

7.5CVSS7.6AI score0.01586EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2006/11/21 12:0 a.m.6 views

PT-2006-6675 · Dosepa · Dosepa

Name of the Vulnerable Software and Affected Versions: DoSePa version 1.0.4 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. dot dot sequence or absolute file path in the file parameter. Recommendations: For version...

5CVSS6.7AI score0.03315EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2006/10/20 12:0 a.m.6 views

PT-2006-6156 · Phpadsnew · Phpadsnew

Name of the Vulnerable Software and Affected Versions: phpAdsNew version 2.0.8 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. dot dot in the phpAds configlanguage parameter in the "upgrade.php" file...

5CVSS7.3AI score0.01554EPSS
Exploits0References5
OSV
OSV
added 2006/09/27 11:7 p.m.3 views

DEBIAN-CVE-2006-5031

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, followed by a filename ending with "%00" and a .js filename...

5CVSS6.9AI score0.07342EPSS
Exploits1References1
CVE
CVE
added 2006/09/09 12:0 a.m.49 views

CVE-2006-4294

The CVE-2006-4294 issue affects TWiki’s viewfile in TWiki versions 4.0.0 through 4.0.4, where a directory traversal via a .. sequence in the filename parameter allows remote attackers to read arbitrary files on the server subject to the web server user’s privileges. The available connected docume...

5CVSS6.7AI score0.03749EPSS
Exploits1References5Affected Software1
RedHat Linux
RedHat Linux
added 2006/08/02 6:39 p.m.5 views

security flaw

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...

4.3CVSS7.5AI score0.02234EPSS
Exploits0References4
CVE
CVE
added 2006/06/02 1:0 a.m.56 views

CVE-2006-2758

CVE-2006-2758 is a directory traversal vulnerability in Jetty 6.0.x (jetty6) beta16. A remote attacker can read arbitrary files by using an encoded path like %2e%2e%5c (../) in the URL, potentially impacting confidentiality. The issue is noted to possibly be the same as CVE-2005-3747. The connect...

5CVSS6.3AI score0.04013EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2006/05/22 12:0 a.m.27 views

CYBSEC-SAPBC2.txt

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryArbitraryFileReadorDeleteinSAPBC.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Arbitrary File Read/Delete in SAP BC Business Connector Vulnerability Class: Improper Input...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/05/16 12:0 a.m.53 views

CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector)

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryArbitraryFileReadorDeleteinSAPBC.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Arbitrary File Read/Delete in SAP BC Business Connector Vulnerability Class: Improper Input...

0.1AI score
Exploits0
CVE
CVE
added 2006/04/29 10:0 a.m.44 views

CVE-2006-2105

CVE-2006-2105 affects Jupiter CMS versions 1.1.4 and 1.1.5. A directory traversal flaw in index.php allows remote attackers to read arbitrary files by supplying ".." sequences terminated by a null byte (%00) in the n parameter. The issue is a path traversal in user input handling that can access ...

5CVSS6.7AI score0.01275EPSS
Exploits1References2Affected Software1
securityvulns
securityvulns
added 2006/03/20 12:0 a.m.29 views

Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000

Description SLAB500 is a complete, dynamic, modular web-system designed to your specifications, allowing you to quickly and conveniently update all your content, add new pages, upload images, sounds and video from any browser, via our front-end interface from any location that you have web access...

Exploits0
securityvulns
securityvulns
added 2006/02/16 12:0 a.m.43 views

CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityPre-AdvisoryArbitraryFileReadorDeleteinSAPBC.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Arbitrary File Read/Delete in SAP BC Business Connector Vulnerability Class: Improper Inp...

6.7AI score
Exploits0
Rows per page
Query Builder