Lucene search

3206 matches found

OSV
added 2004/12/21 5:00 a.m., 5 views

CVE-2004-0452

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack...

AI score: 5.9
Exploits: 0, References: 17

Debian CVE
added 2004/09/01 4:00 a.m., 20 views

CVE-2002-1381

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pidfilepath value...

CVSS: 7.2, AI score: 7.4, EPSS: 0.03052
Exploits: 1

exploitpack
added 2004/08/30 12:00 a.m., 17 views

Ipswitch WS_FTP Server 5.0.x - CD Command Malformed File Path Remote Denial of Service

Ipswitch WSFTP Server 5.0.x - CD Command Malformed File Path Remote Denial of Service source: https://www.securityfocus.com/bid/11065/info WSFTP Server is reported prone to a remote denial of service vulnerability. This issue presents itself when the application processes a malformed file path...

AI score: 7.5
Exploits: 0

Exploit DB
added 2004/08/30 12:00 a.m., 33 views

Ipswitch WS_FTP Server 5.0.x - CD Command Malformed File Path Remote Denial of Service

source: https://www.securityfocus.com/bid/11065/info WSFTP Server is reported prone to a remote denial of service vulnerability. This issue presents itself when the application processes a malformed file path through the 'cd' command. WSFTP Server version 5.0.2 is reported prone to this issue,...

AI score: 7.4
Exploits: 0

securityvulns
added 2003/05/11 12:00 a.m., 30 views

unzip directory traversal revisited

unzip directory traversal revisited problem: well I kinda stumbled over this when i was looking for something else A while back some fuss was made over the use of .. sequences in archives because it allows you to craft an archive which will trojan your system on extraction the creators of unzip...

AI score: 1.4
Exploits: 0

Cvelist
added 2003/04/02 5:00 a.m., 26 views

CVE-2001-1372

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message...

AI score: 8.8, EPSS: 0.10287
Exploits: 1, References: 8

OSV
added 2003/04/02 5:00 a.m., 2 views

DEBIAN-CVE-2003-0165

Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display...

CVSS: 4.6, AI score: 8, EPSS: 0.00749
Exploits: 2, References: 1

CVE
added 2003/04/02 5:00 a.m., 132 views

CVE-2001-1372

CVE-2001-1372 affects Oracle 9i Application Server (AS) 1.0.2. It enables an attacker to disclose the server's physical webroot path by requesting a non-existent .JSP file, because the default error message leaks the pathname. The vulnerability is an information disclosure issue, with CVSS-like co...

CVSS: 5, AI score: 8.8, EPSS: 0.10287
Exploits: 1, References: 8, Affected Software: 1

Cvelist
added 2003/03/26 5:00 a.m., 25 views

CVE-2003-0153

bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi...

AI score: 6.2, EPSS: 0.0471
Exploits: 0, References: 5

securityvulns
added 2003/03/20 12:00 a.m., 31 views

linux kmod/ptrace bug - details

Hello There are many discussions on slashdot for example on the recent linux ptrace & kmod bug. I'll try to clarify what is this all about. It's a local root vulnerability. It's exploitable only if: 1. the kernel is built with modules and kernel module loader enabled and 2...

AI score: 0.4
Exploits: 0

NVD
added 2002/12/31 5:00 a.m., 5 views

CVE-2002-2295

Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long...

CVSS: 7.5, AI score: 8.2, EPSS: 0.22446
Exploits: 1, References: 9

OSV
added 2002/12/23 5:00 a.m., 14 views

DEBIAN-CVE-2002-1381

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pidfilepath value...

CVSS: 7.2, AI score: 7.9, EPSS: 0.03052
Exploits: 1, References: 1

exploitpack
added 2002/08/01 12:00 a.m., 20 views

Bharat Mediratta Gallery 1.x - Remote File Inclusion

Bharat Mediratta Gallery 1.x - Remote File Inclusion source: https://www.securityfocus.com/bid/5375/info Gallery is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Gallery. An...

AI score: 0.2
Exploits: 0

securityvulns
added 2002/05/31 12:00 a.m., 55 views

CGIscript.net - csPassword.cgi - Multiple Vulnerabilities

CGIscript.net - csPassword.cgi - Multiple Vulnerabilities. Date: May 29, 2002. Product: csPassword.cgi. Vendor: WWW.CGIscript.NET, LLC. Homepage: http://www.cgiscript.net/ DISCUSSION:...

AI score: 7
Exploits: 0

NVD
added 2002/02/06 5:00 a.m., 18 views

CVE-2001-1372

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message...

CVSS: 5, AI score: 6, EPSS: 0.10287
Exploits: 1, References: 8

CERT
added 2002/01/31 12:00 a.m., 22 views

AOL Instant Messenger exposes local file path during file transfers

Overview: AOL Instant Messenger (AIM) discloses local file paths during transfer. Description: AOL Instant Messenger (AIM) is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. When the file is transferred, the entire local pat...

CVSS: 5, AI score: 5.9, EPSS: 0.00593
Exploits: 0, References: 1

securityvulns
added 2002/01/23 12:00 a.m., 29 views

(Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)

ACD Incorporated Security Advisory Project: Comprehensive Web Programming API Synopsis: GetRelativePath in CwpApi.php returns paths outside of the HTTP ServerRoot. Advisory date: January 18, 2002 New version: 1.1.1 1. In Brief: An updated CwpApi release is available which fixes a minor security b...

AI score: 0.5
Exploits: 0

securityvulns
added 2001/09/22 12:00 a.m., 43 views

Real file path disclosure in XCache (information leakage)

The HTTP response headers contain the real path to the file...

AI score: 0.5
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2001/09/19 12:00 a.m., 36 views

oracle.9i.path.txt

Product: Oracle 9i Application Server. Description: The Oracle 9i Application Server uses the Apache web server for HTTP service. However, if a request is made for a non-existent .jsp file, the complete path is shown. For instance, if you were to make the following request at a server running...

AI score: 7.4
Exploits: 0

securityvulns
added 2001/08/21 12:00 a.m., 38 views

ACI 4D WebServer Directory traversal.

vendor: http://www.4d.com/ current version: 6.7 tested version: 6.57, others? This directory traversal hole seems to work on ACI 4d webserver running on the NT platform. I would imagine exploitation on a macos box would be similar but would require the proper mac filesystem path to the file yo...

AI score: 0.5
Exploits: 0