5637 matches found
QNX RTOS 4.25 - CRTTrap File Disclosure
QNX RTOS 4.25 - CRTTrap File Disclosure source: https://www.securityfocus.com/bid/4901/info The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. Local attackers may specify an arbitrary system file in place...
QNX RTOS 4.25 - 'CRTTrap' File Disclosure
source: https://www.securityfocus.com/bid/4901/info The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. Local attackers may specify an arbitrary system file in place of the configuration file and crttrap...
Gafware CFXImage 1.6.4/1.6.6 - ShowTemp File Disclosure
Gafware CFXImage 1.6.4/1.6.6 - ShowTemp File Disclosure source: https://www.securityfocus.com/bid/4882/info Gafware's CFXImage is a custom tag for ColdFusion. A program included with the CFXImage documentation doesn't properly filter its input. It is reported that a flaw exists in this program tha...
Gafware CFXImage 1.6.4/1.6.6 - ShowTemp File Disclosure
source: https://www.securityfocus.com/bid/4882/info Gafware's CFXImage is a custom tag for ColdFusion. A program included with the CFXImage documentation doesn't properly filter its input. It is reported that a flaw exists in this program that allows a malicious user to read files outside of the...
Opera 6.0.1/6.0.2 - Arbitrary File Disclosure
Opera 6.0.1/6.0.2 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/4834/info A vulnerability has been reported in Opera 6.01/6.02. The vulnerability is related to handling of the 'file' HTML input-type. It is possible for a server to set the file value, while fooling Opera int...
Opera 6.0.1/6.0.2 - Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/4834/info A vulnerability has been reported in Opera 6.01/6.02. The vulnerability is related to handling of the 'file' HTML input-type. It is possible for a server to set the file value, while fooling Opera into thinking no file has been specified. This i...
[SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
LocalWeb2000 Web Server Protected File Access Vulnerability. Type: File Disclosure. Release Date: May 24, 2002. Product / Vendor: LocalWEB2000 is an HTTP server for the Windows suite of operating systems. LocalWEB2000 is...
LocalWEB2000 2.1.0 Standard - File Disclosure
LocalWEB2000 2.1.0 Standard - File Disclosure source: https://www.securityfocus.com/bid/4820/info A vulnerability exists in LocalWEB2000 related to content password protection. It is possible to have LocalWEB2000 treat files as unprotected by requesting them as files within the '.' current...
NewAtlanta ServletExec/ISAPI 4.1 - File Disclosure
NewAtlanta ServletExec/ISAPI 4.1 - File Disclosure source: https://www.securityfocus.com/bid/4795/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI will disclose the contents of arbitrary files...
NewAtlanta ServletExec/ISAPI 4.1 - File Disclosure
source: https://www.securityfocus.com/bid/4795/info ServletExec/ISAPI is a plug-in Java Servlet/JSP engine for Microsoft IIS. It runs with IIS on Microsoft Windows NT/2000/XP systems. ServletExec/ISAPI will disclose the contents of arbitrary files within the webroot directory by sending a request...
Six new bugs in Internet Explorer
Cross-site scripting, local files disclosure, security zone spoofing, etc...
Hosting Controller 1.x - Browse.asp File Disclosure
Hosting Controller 1.x - Browse.asp File Disclosure source: https://www.securityfocus.com/bid/4778/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The 'browse.asp' script is prone to...
Hosting Controller 1.x - 'Browse.asp' File Disclosure
source: https://www.securityfocus.com/bid/4778/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The 'browse.asp' script is prone to an issue which may allow a remote attacker to view...
mcNews 1.x - File Disclosure
mcNews 1.x - File Disclosure source: https://www.securityfocus.com/bid/4770/info mcNews is a set of scripts for allowing users to post news stories on a webpage. It will run on most Linux and Unix variants as well as Microsoft Windows operating systems. mcNews does not sufficiently filter...
Hosting Controller 1.x - DSNManager Directory Traversal
Hosting Controller 1.x - DSNManager Directory Traversal source: https://www.securityfocus.com/bid/4759/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The DSNManager script does not...
mcNews 1.x - File Disclosure
source: https://www.securityfocus.com/bid/4770/info mcNews is a set of scripts for allowing users to post news stories on a webpage. It will run on most Linux and Unix variants as well as Microsoft Windows operating systems. mcNews does not sufficiently filter dot-dot-slash (../) sequences from URL...
Critical Path InJoin Directory Server 4.0 - File Disclosure
Critical Path InJoin Directory Server 4.0 - File Disclosure source: https://www.securityfocus.com/bid/4718/info Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory Server is provided for Microsoft Windows operating systems and Unix...
Critical Path InJoin Directory Server 4.0 - File Disclosure
source: https://www.securityfocus.com/bid/4718/info Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory Server is provided for Microsoft Windows operating systems and Unix variants. iCon is the administrative web interface for the...
FileSeek - CGI Script File Disclosure
FileSeek - CGI Script File Disclosure source: https://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server...
FileSeek - CGI Script File Disclosure
source: https://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server. FileSeek.cgi and FileSeek2.cgi are prone...