5642 matches found
soft lite serverworx 3.0 - Directory Traversal
soft lite serverworx 3.0 - Directory Traversal source: https://www.securityfocus.com/bid/2346/info It is possible for a remote user to gain read access to directories and files outside the root directory of ServerWorx. Requesting a specially crafted URL composed of '../' or '.../' sequences will...
GoAhead Web Server 2.02.1 - Directory Traversal
GoAhead Web Server 2.02.1 - Directory Traversal source: https://www.securityfocus.com/bid/2334/info A specially crafted URL composed of '..' sequences along with the known filename will disclose the requested file. This vulnerability will also allow an attacker to execute arbitrary code with root...
PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution
PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker t...
GoAhead Web Server 2.0/2.1 - Directory Traversal
source: https://www.securityfocus.com/bid/2334/info A specially crafted URL composed of '..' sequences along with the known filename will disclose the requested file. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. Gaining access to a known file:...
fastream ftp++ 2.0 - Directory Traversal
fastream ftp++ 2.0 - Directory Traversal source: https://www.securityfocus.com/bid/2267/info It is possible for a remote uesr to gain read permissions outside of the Faststream FTP++ Server directory. By requesting an 'ls' command along with the drive name, Fastream FTP++ will disclose the conten...
Technote 20002001 - Filename Command Execution File Disclosure
Technote 20002001 - Filename Command Execution File Disclosure source: https://www.securityfocus.com/bid/2156/info Technote Inc. offers a multi-communication Package that includes a web board type of service. A script that ships with Technote, 'main.cgi', accepts a parameter called 'filename'. Th...
Technote 2000/2001 - 'Filename' Command Execution / File Disclosure
source: https://www.securityfocus.com/bid/2156/info Technote Inc. offers a multi-communication Package that includes a web board type of service. A script that ships with Technote, 'main.cgi', accepts a parameter called 'filename'. This remotely supplied variable is used as a filename when the op...
Technote 20002001 - board File Disclosure
Technote 20002001 - board File Disclosure source: https://www.securityfocus.com/bid/2155/info Technote Inc. offers a Multicommunication Package which includes a web board type of service. A script that ships with Technote, print.cgi, accepts a parameter called "board". This remotely-supplied...
Technote 2000/2001 - 'board' File Disclosure
source: https://www.securityfocus.com/bid/2155/info Technote Inc. offers a Multicommunication Package which includes a web board type of service. A script that ships with Technote, print.cgi, accepts a parameter called "board". This remotely-supplied variable is used as a filename when the open...
Microsoft Internet Explorer vulnerable to file disclosure via code containing GetObject() function
Overview Internet Explorer may disclose files on your computer if you visit a malicious web site or read a mail message with Active Scripting enabled. Description By design, Microsoft Internet Explorer prevents programs on web sites from reading files on your computer without authorization...
Apache 1.3 + PHP 3 - File Disclosure
Apache 1.3 + PHP 3 - File Disclosure source: https://www.securityfocus.com/bid/2060/info Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language. By requesting a specially crafted URL by way of php, it is possible for a remote us...
Apache 1.3 + PHP 3 - File Disclosure
source: https://www.securityfocus.com/bid/2060/info Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language. By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known fil...
Quikstore File Disclosure Vulnerability
...
DCForum 1-6 - Arbitrary File Disclosure
DCForum 1-6 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/1951/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input, which allows the remote viewing ...
DCForum 1-6 - Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/1951/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are...
Microsoft Indexing Service (Windows 2000) - File Verification
Demo - IE 5.x Win2000 Indexing service vulnerability Demo - IE 5.x Win2000 Indexing service vulnerability Legal Notice: This Advisory and Demonstration is Copyright c 2000 Georgi Guninski. You may distribute it unmodified. You may not modify it and distribute it or distribute parts of it without...
Cisco Catalyst 3500 XL - Arbitrary Command Execution
Cisco Catalyst 3500 XL - Arbitrary Command Execution source: https://www.securityfocus.com/bid/1846/info A vulnerability exists in the webserver configuration interface which will allow an anonymous user to execute commands. A http request which includes /exec and a known filename will reveal the...
anaconda Foundation 1.4 1.9 - Directory Traversal
anaconda Foundation 1.4 1.9 - Directory Traversal source: https://www.securityfocus.com/bid/2338/info A vulnerability exists in Anaconda Foundation Directory which allows a remote user to traverse the filesystem of a target computer. This may lead to the disclosure of file and directory contents...
anaconda Foundation 1.4 < 1.9 - Directory Traversal
source: https://www.securityfocus.com/bid/2338/info A vulnerability exists in Anaconda Foundation Directory which allows a remote user to traverse the filesystem of a target computer. This may lead to the disclosure of file and directory contents. Arbitrary files can be accessed through the use o...
Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure
Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/1807/info OatMeal studios' Mail-File is a cgi application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that...