33 matches found
CVE-2010-3460
Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C encoded backslash in the URL...
Improve cookie parsing for tomcat5
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle 1 double quote " characters or 2 %5C encoded backslash sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...
ruby: webrick directory traversal
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash \ path separators or case-insensitive file names, allows remote attackers to access arbitrary files via 1 "..%5c" encoded backslash...
CVE-2008-1145
CVE-2008-1145 is a directory traversal vulnerability in WEBrick for Ruby. Affected: Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, on systems with backslash path separators or case-insensitive filenames. Exploitation via encoded backslashes ("..\" sequences) or filenames matc...
Directory traversal
Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence...
Directory traversal
Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" encoded backslash sequences...
CVE-2007-3075
Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" encoded backslash sequences...
CVE-2007-3075
CVE-2007-3075: Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme (e.g., encoded backslash). The connected documents confirm the vulnerability description but do not spec...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
CVE-2007-0450
CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, , and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...
Abyss Web Server 1.0 - Encoded Backslash Directory Traversal
Abyss Web Server 1.0 - Encoded Backslash Directory Traversal source: https://www.securityfocus.com/bid/5547/info A directory traversal vulnerability has been reported for Abyss Web Server. The issue is related to the failure to properly process the backslash '', encoded as '%5c', character, which...
Apache 2.0 - Encoded Backslash Directory Traversal
Apache 2.0 - Encoded Backslash Directory Traversal source: https://www.securityfocus.com/bid/5434/info A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms potentially including Apache compiled with CYGWIN. Platforms that may be affected by this...