3348 matches found
CVE-2007-5299
Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the viewmode parameter to (1) featuredlist.php and (2) onlinelist.php in member/...
CVE-2007-4726
Web Oddity 0.09b contains a directory traversal vulnerability that lets remote attackers read arbitrary files via a .. in the request URI. The available documents identify the affected product and the vulnerability class but do not provide remediation steps. Exploitation details or patches are no...
EUVD-2007-3241
Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/showimg.php...
Firefox 0day local file reading
By Thor Larholm. RSnake mentioned a potential way to read security sensitive configuration settings from Firefox on ha.ckers.org, with an example PoC from Sergey Vzloman that used the resource:// URL protocol handler in Firefox. Unfortunately, the settings that were...
EUVD-2007-2435
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence...
CVE-2007-2440
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence...
Design/Logic Flaw
picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter...
CVE-2007-2369
CVE-2007-2369 affects WebSPELL up to version 4.01.02 (and earlier) where Picture.php is vulnerable when PHP
Design/Logic Flaw
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded by a "php://../../" sequence...
Fizzle : Firefox Extension Vulnerability
Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...
fizzle-access.txt
Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus for formatting to lose their layout I told him it would be too difficult to sanitize the data...
Fedora Core 6 : xen-3.0.3-8.fc6 (2007-343)
A flaw was found affecting the VNC server code in QEMU. On a fully virtualized guest VM, where qemu monitor mode is enabled, a user who had access to the VNC server could gain the ability to read arbitrary files as root in the host filesystem. CVE-2007-0998 Note that Tenable Network Security has...
Fizzle 0.5 - RSS Feed HTML Injection
source: https://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the...
CVE-2007-0998
Summary of CVE-2007-0998: The vulnerability concerns the VNC server implementation in QEMU (as used by Xen and potentially other environments). It allows local users within a guest OS to read arbitrary files on the host via the QEMU monitor mode, demonstrated by mapping files to a CD-ROM device;...
CVE-2007-1509
Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter...
Code injection
download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter...
CVE-2007-1138
Absolute path traversal vulnerability in listmainpages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter...
CVE-2007-1199
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with , a different issue than CVE-2007-0045...
CVE-2007-1199
CVE-2007-1199 describes a vulnerability in Adobe Reader/Acrobat where a PDF containing a file:// URI can cause a remote attacker to read arbitrary files, as demonstrated with URI(file:///C:/). The issue is distinct from CVE-2007-0045. The NVD entry lists a MEDIUM impact with network attack vector...
CVE-2007-1191
The CVE-2007-1191 issue affects the Social Bookmarks (del.icio.us) plug‑in 8F for Quicksilver. The vulnerability detail states that usernames and passwords are written in plaintext to the file /Library/Logs/Console/UID/Console.log, allowing local users to read sensitive information. This is a loc...