3348 matches found
CVE-2009-1368
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3...
CVE-2009-1368
CVE-2009-1368 describes a directory traversal vulnerability in moziloCMS 1.11 where an attacker can read arbitrary files by injecting a “..” sequence into the page parameter of index.php. Related entries indicate a similar issue in moziloCMS 1.10.2 and earlier (CVE-2008-6126) with the same dot-dot...
CVE-2008-6335
CVE-2008-6335 affects the eMetrix Online Keyword Research Tool via a directory traversal in download.php. The vulnerability allows remote attackers to read arbitrary files by supplying a .. sequence in the filename parameter, exposing confidential data. The NVD notes a CVSS v2 base score of 7.8 (...
linux/x86 file reader 65 bytes + pathname
linux/x86 file reader 65 bytes + pathname. Shellcode exploit for linx86 platform / Linux/x86 file reader. 65 bytes + pathname Author: certaindeath Source code: start: xor %eax, %eax xor %ebx, %ebx xor %ecx, %ecx xor %edx, %edx jmp two one: pop %ebx movb $5, %al xor %ecx, %ecx int $0x80 mov %eax,...
CVE-2009-0355
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element...
CVE-2009-0355
CVE-2009-0355 affects Mozilla Firefox (components/sessionstore/src/nsSessionStore.js). Root cause: code does not block changes to input type="file" during tab restoration, enabling a crafted tab to let a user‑assisted remote attacker read arbitrary files on the client. Impact: local file disclosu...
Code injection
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter...
CVE-2008-5936
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter...
Ninja Blog 4.8 Remote Information Disclosure Vulnerability
Exploit for unknown platform in category web applications. Ninja Blog 4.8 Remote Information Disclosure Vulnerability. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May...
mysql reads the file in several ways and application-vulnerability warning-the black bar safety net
Today a friend asked me how to read a file in mysql. When asked, I was stunned and found myself still guilty of carelessness, so I specially checked the mysql manual. The ideas are the same: on the premise of having file permissions, read the file as a string into a table,...
opera 9.52 using ajax to read a local file vulnerability-vulnerability warning-the black bar safety net
by emptiness prodigal heart This may also be a safety feature right, opera can use ajax to read a local file. ff3 does not have this vulnerability. Not nonsense, look at the code. Use as follows: This piece of code saved as a local htm file, and then use opera to open. Will put a local user name...
RSS Simple News - SQL Injection
RSS Simple News - SQL Injection #!/usr/bin/perl Coded by Piker pikerdotther00tatgmaildotcom D.O.M Team piker,ka0x,an0de,xarnuz 2008 Security Researchers RSS Simple News Remote SQL Injection Exploit http://sourceforge.net/projects/rss-simple-news/ This exploit tries to read an arbitrary file. It...
RSS Simple News - SQL Injection
#!/usr/bin/perl Coded by Piker pikerdotther00tatgmaildotcom D.O.M Team piker,ka0x,an0de,xarnuz 2008 Security Researchers RSS Simple News Remote SQL Injection Exploit http://sourceforge.net/projects/rss-simple-news/ This exploit tries to read an arbitrary file. It needs magic_quotes_gpc=off...
CVE-2008-5587
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter to index.php...
Design/Logic Flaw
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files...
gCards Multiple Vulnerabilities
The remote web server contains a PHP application that is prone to multiple vulnerabilities. Description : The remote host is running gCards, a free electronic greeting card system written in PHP. The installed version of gCards fails to sanitize user input to the 'setLang' parameter in the...
CVE-2008-4638
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message...
CVE-2008-4075
CVE-2008-4075 is a directory traversal vulnerability in D-iscussion Board 3.01 (index.php) that allows remote attackers to read arbitrary files via a .. in the topic parameter. Affected software: D-iscussion Board 3.01. Root cause: traversal in topic parameter handling. Impact (as per NVD): parti...
CVE-2008-3946
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file...
FreeBSD Ports: phpmyadmin
The remote host is missing an update to the system as announced in the referenced advisory. VID fe971a0f-1246-11dd-bab7-0016179b2dd5 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...