5638 matches found
Microsoft Internet Explorer 5/6 - XML Redirect File Disclosure
source: https://www.securityfocus.com/bid/5560/info A flaw in Microsoft Internet Explorer may reveal the entire contents of XML files and partial contents of other files to attackers. This vulnerability allows an attacker to read the entire contents of XML files, and fragments of other files,...
Ilia Alshanetsky FUDForum 1.2.81.9.82.0.2 - File Disclosure
Ilia Alshanetsky FUDForum 1.2.81.9.82.0.2 - File Disclosure source: https://www.securityfocus.com/bid/5501/info Reportedly, FUDForum may disclose contents of arbitrary files to attackers. The vulnerability is the result of FUDForum failing to check the path of the file that is being requested. By...
Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Disclosure
source: https://www.securityfocus.com/bid/5501/info Reportedly, FUDForum may disclose contents of arbitrary files to attackers. The vulnerability is the result of FUDForum failing to check the path of the file that is being requested. By simply making malicious requests via URI parameters, an...
Microsoft Internet Explorer 456 - XML Datasource Applet File Disclosure
Microsoft Internet Explorer 456 - XML Datasource Applet File Disclosure source: https://www.securityfocus.com/bid/5490/info A problem in Microsoft Internet Explorer could lead to the disclosure of sensitive information. Due to the design of the datasource applet, it may be possible for a user to...
Microsoft Internet Explorer 4/5/6 - XML Datasource Applet File Disclosure
source: https://www.securityfocus.com/bid/5490/info A problem in Microsoft Internet Explorer could lead to the disclosure of sensitive information. Due to the design of the datasource applet, it may be possible for a user to view the contents of local files via a remote page. By building a...
Trend Micro OfficeScan ofcscan.ini Configuration File Disclosure
The remote Trend Micro OfficeScan Corporate Edition Japanese version: Virus Buster Corporate Edition web-based management console allows unauthenticated access to files under '/officescan/hotdownload'. Reading the configuration file 'ofcscan.ini' under that location will reveal information about...
[ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2
Sympoll is a customizable voting booth system written in PHP. A missing variable integrity check allows arbitrary files to be viewed on a web server that hosts Sympoll version 1.2. Hosts that have disabled the registerglobals directive in their php.ini file are not at risk. This vulnerability was...
Opera 6.0.1 Microsoft Internet Explorer 56 - JavaScript Modifier Keypress Event Subversion
Opera 6.0.1 Microsoft Internet Explorer 56 - JavaScript Modifier Keypress Event Subversion source: https://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious...
Opera 6.0.1 / Microsoft Internet Explorer 5/6 - JavaScript Modifier Keypress Event Subversion
source: https://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious JavaScript may subvert some keypress events, with consequences including the disclosure of arbitra...
Three BadBlue Vulnerabilities
Advisory: Working Resources BadBlue Multiple Vulnerabilities Issue: Three vulnerabilities; a denial of service, an insecurity in password storage, and a file disclosure vulnerability that could allow viewing of the password file. Risk: Critical SecurityFocus: "Working Resources BadBlue Invalid Ge...
iPlanet Web Server 4.1 - Search Component File Disclosure
iPlanet Web Server 4.1 - Search Component File Disclosure source: https://www.securityfocus.com/bid/5191/info The iPlanet Web Server search engine is prone to a file disclosure vulnerability. It is possible for remote attackers to make requests to the search engine which will cause arbitrary...
iPlanet Web Server 4.1 - Search Component File Disclosure
source: https://www.securityfocus.com/bid/5191/info The iPlanet Web Server search engine is prone to a file disclosure vulnerability. It is possible for remote attackers to make requests to the search engine which will cause arbitrary readable files on the host running the vulnerable software to ...
Wolfram Research webMathematica 4.0 - File Disclosure
Wolfram Research webMathematica 4.0 - File Disclosure source: https://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based o...
Wolfram Research webMathematica 4.0 - File Disclosure
source: https://www.securityfocus.com/bid/5035/info Wolfram Research's webMathematica is a Java based product which allows the inclusion of Mathematica content in a web environment. It includes CGI programs which generate image content based on user supplied input. A file disclosure vulnerability...
My Postcards 6.0 - MagicCard.cgi Arbitrary File Disclosure
My Postcards 6.0 - MagicCard.cgi Arbitrary File Disclosure source: https://www.securityfocus.com/bid/5029/info My Postcards is a commercial available eletronic postcard system. It is available for Unix and Linux Operating Systems. The magiccard.cgi script does not properly handle some types of...
My Postcards 6.0 - 'MagicCard.cgi' Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/5029/info My Postcards is a commercial available eletronic postcard system. It is available for Unix and Linux Operating Systems. The magiccard.cgi script does not properly handle some types of input. As a result, it may be possible for a remote user to...
Working Resources 1.7.3 BadBlue - Null Byte File Disclosure
Working Resources 1.7.3 BadBlue - Null Byte File Disclosure source: https://www.securityfocus.com/bid/5226/info BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems. It has been discovered that a request passed to a...
Working Resources 1.7.3 BadBlue - Null Byte File Disclosure
source: https://www.securityfocus.com/bid/5226/info BadBlue is a P2P file sharing application distributed by Working Resources. It is available for Microsoft Windows operating systems. It has been discovered that a request passed to a BadBlue server containing a null byte at the end of a file nam...
CVE-2002-0410
CVE-2002-0410 (AeroMail) affects AeroMail before 1.45. The vulnerability is in send_message.php, allowing remote attackers to read arbitrary server files instead of only uploaded ones by crafting the attachment filename during upload. This is caused by improper handling of file path/filename duri...
Seanox DevWex Windows Binary 1.2002.520 - File Disclosure
Seanox DevWex Windows Binary 1.2002.520 - File Disclosure source: https://www.securityfocus.com/bid/4978/info The Seanox DevWex Windows binary version is prone to an issue which may cause arbitrary web-readable files to be disclosed to remote attackers. This problem occurs because DevWex does not...