935 matches found
CVE-2002-1741
Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." dot dot in the Attachments parameter...
CVE-2005-0120
helvis 1.8h21 and earlier allows local users to delete arbitrary files via the elvprsv setuid program...
CVE-2005-0332
Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to 1 upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or 2 delete arbitrary files via the selectfile...
CVE-2005-1201
Multiple directory traversal vulnerabilities in AZ Bulletin board AZbb before 1.0.08 allow 1 remote authenticated users with administrative privileges to delete arbitrary files via a .. dot dot in the URL to adminavatar.php or adminattachment.php or 2 remote attackers to enumerate files via a...
DEBIAN-CVE-2005-0536
Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion...
CVE-2005-0332
The CVE-2005-0332 entry concerns DeskNow Mail and Collaboration Server (v2.5.12) with two directory traversal flaws. The first allows remote upload (and possible JSP-based execution) through the AttachmentsKey parameter to attachment.do, enabling files to be placed outside the intended directory....
CVE-2004-2225
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button...
DEBIAN-CVE-2004-0452
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...
DEBIAN-CVE-2004-1000
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack...
CVE-2002-1422
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters...
CVE-2002-0974
Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm...
CVE-2000-0911
CVE-2000-0911 affects IMP 2.2 and earlier. The vulnerability arises from modifying the hidden attachment_name form variable, enabling an attacker to read and delete arbitrary files by causing IMP to send the targeted file to the attacker as an attachment. The available sources confirm the affecte...
CVE-2000-0076
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover...
CVE-1999-0732
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links...
PT-1999-1310 · Debian · Smtp-Refuser
Name of the Vulnerable Software and Affected Versions: Debian smtp-refuser affected versions not specified Description: The issue affects the logging facility of the Debian smtp-refuser package, allowing local users to delete arbitrary files using symbolic links. Recommendations: At the moment,...