3348 matches found
CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...
Working with injections in MySQL version 3
Working with injections in MySQL version 3. It is assumed that you have some knowledge of SQL syntax, as well as experience with blind injections. Quite often I find that once people learn they are dealing with an injection in scripts that use MySQL version 3, they say that ...
CVE-2010-2033
Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-1457
Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message...
Directory traversal
Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-1531
Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php...
CVE-2010-1309
Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php...
Easy Icon Maker - .ico File Reading Crash
#!/usr/bin/python Easy Icon Maker .ico File Reading Crash Homepage: www.icon-maker.com Credit : ItSecTeam mail : [email protected] Web: WwW.ITSecTeam.com Forum: WwW.forum.itsecteam.com Special Tanks : PLATE - [email protected] - B3hz4d - Cdef3nder EAX 30303030 ECX...
Easy Icon Maker - '.ico' File Reading Crash
#!/usr/bin/python Easy Icon Maker .ico File Reading Crash Homepage: www.icon-maker.com Credit : ItSecTeam mail : [email protected] Web: WwW.ITSecTeam.com Forum: WwW.forum.itsecteam.com Special Tanks : PLATE - [email protected] - B3hz4d - Cdef3nder EAX 30303030 ECX 00000000 EDX 00000000 EBX 00000000 ESP...
CVE-2009-4665
CVE-2009-4665 affects CuteSoft Components Cute Editor for ASP.NET. Affected component: CuteSoft_Client/CuteEditor/Load.ashx. Vulnerability type: directory traversal via the file parameter using a .. payload, enabling reading of arbitrary files. Base CVSS v2 score 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) ...
CVE-2009-4023
Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...
CVE-2009-3123
CVE-2009-3123 is a directory traversal vulnerability in Wap-Motor (before version 18.1) affecting the file gallery/gallery.php. The issue occurs when an attacker supplies a malicious value for the image parameter containing “..”, enabling an attacker to read arbitrary files and potentially discl...
CVE-2009-2701
The CVE-2009-2701 issue affects Zope Object Database (ZODB) with ZEO storage-server sharing and blob support enabled, specifically ZODB versions prior to 3.8.3 (3.8.x) and prior to 3.9.0c2 (3.9.x). The vulnerability allows remote authenticated users to read or delete arbitrary files via unknown v...
CVE-2009-2944
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands...
DEBIAN-CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as...
CVE-2009-2325
CVE-2009-2325 affects Clicknet CMS 2.1, via a directory traversal in index.php: an attacker can read arbitrary files by supplying .. in the side parameter. The NVD entry confirms the vulnerability with a CVSS v2 base score of 5.0 (Medium) and network access with no authentication. Several connect...
CVE-2009-2166
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter...
KLA10210 Vulnerability in IBM Tivoli Storage Manager
An unspecified vulnerability was found in IBM Tivoli Storage Manager. By exploiting this vulnerability malicious users can conduct a man-in-the-middle attack and read arbitrary files. This vulnerability can be exploited remotely at a point related to SSL. Original advisories - Related products...
AIX 5.3 TL 6 : bos.rte.cron (U821986)
The remote host is missing AIX PTF U821986, which is related to the security of the package bos.rte.cron. The at command does not drop permissions when reading certain files. A local attacker may exploit this error to read any file on the system because the command is setuid root. The following...