5637 matches found
webmin 0.91 - Directory Traversal
webmin 0.91 - Directory Traversal source: https://www.securityfocus.com/bid/3698/info Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms, you can set up user accounts, Apache, DNS, file sharing and so on. Webmin will run on most Uni...
Digital Unix msgchk vulnerable to file contents disclosure via symlink redirection of profile
Overview msgchk, a part of the MH mail system, reads the user's .mhprofile in order to obtain configuration options. If the .mhprofile is linked to another file with illegal format, the first line of that file will be displayed in an error message by msgchk. Description msgchk is the portion of t...
CVE-1999-1418
CVE-1999-1418 affects ICQ99 ICQ web server build 1701 with “Active Homepage” enabled. The vulnerability allows remote attackers to infer the existence of files on the server by comparing responses: a “404 Forbidden” when a file exists vs “404 not found” when it does not. The provided documents do...
Beck GmbH IPC@CHIP HTTPD vulnerable to arbitrary file disclosure
Overview The Beck IPC@CHIP web server permits intruders to access files outside the web root. Description The Beck IPC@CHIP is a single chip embedded webserver. The Web Server's root directory is set to / by default. Because of this default setting, an attacker can download arbitrary files from a...
Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure
Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure source: https://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI script...
Power Up HTML 0.8033 Beta - Directory Traversal Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/3304/info Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI scripts. A vulnerability exists in Power Up HTML which allows directory traversa...
[SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote File Disclosure With IUSER Privilege Vulnerability
SNS Advisory No.38 Trend Micro Virus Buster Ver.3.5x Remote File Disclosure With IUSER Privilege Vulnerability Problem first discovered: Wed, 18 Jul 2001 Published: Mon, 20 Aug 2001...
[SNS Advisory No.39] WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability
SNS Advisory No.39 WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability Problem first discovered: Mon, 16 Jul 2001 Published: Mon, 20 Aug 2001...
PHP-Nuke 5.0 - user.php Form Element Substitution
PHP-Nuke 5.0 - user.php Form Element Substitution source: https://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may substitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the...
PHP-Nuke 5.0 - 'user.php' Form Element Substitution
source: https://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may substitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the webpage locally as 'user.php.html' and altering the...
QDAV-2001-7-3
Interactive Story File Disclosure Vulnerability qDefense Advisory Number QDAV-2001-7-3 Product: Interactive Story Vendor: Valerie Mates http://www.valeriemates.com Severity: Remote; Attacker may read arbitrary file Versions Affected: Version 1.3 Vendor Status: Vendor contacted; has released new...
Interactive Story File Disclosure Vulnerability
Interactive Story File Disclosure Vulnerability qDefense Advisory Number QDAV-2001-7-3 Product: Interactive Story Vendor: Valerie Mates http://www.valeriemates.com Severity: Remote; Attacker may read arbitrary file Versions Affected: Version 1.3 Vendor Status: Vendor contacted; has released new...
Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 - File Disclosure
Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 - File Disclosure source: https://www.securityfocus.com/bid/3067/info A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI...
Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 - File Disclosure
source: https://www.securityfocus.com/bid/3067/info A vulnerability has been discovered in Horde Imp which may allow an attacker to access arbitrary system files. The issue occurs due to insufficient sanity checks on user-supplied URI parameters. By specifying a malicious INBOX file in a request,...
Basilix Webmail 1.0 - File Disclosure
Basilix Webmail 1.0 - File Disclosure source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as...
Basilix Webmail 1.0 - File Disclosure
source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as the filename that can be supplied...
ScreamingMedia SITEware does not adequately validate user input thereby allowing arbitrary file disclosure via directory traversal
Overview A vulnerability exists in ScreamingMedia's SiteWare Editor's Desktop that allows an intruder to read arbitrary files within the SiteWare web hierarchy. Description SiteWare Editor's Desktop is a web-based administration tool for manipulating ScreamingMedia content on a SiteWare web serve...
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2902/info 1C: Arcadia Internet Store is an online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of...
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/2902/info 1C: Arcadia Internet Store is an online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of the components of this package, 'tradecli.dll', allows use...
DC Scripts DCShop Beta 1.0 02 - File Disclosure (1)
DC Scripts DCShop Beta 1.0 02 - File Disclosure 1 source: https://www.securityfocus.com/bid/2889/info DCShop is a CGI-based ecommerce system from DCScripts. Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential ord...