Lucene search

3348 matches found

CVE
added 2007/02/14 11:0 a.m., 57 views

CVE-2007-0929

CVE-2007-0929 affects the php rrd browser project, specifically versions prior to 0.2.1. The vulnerability is a directory traversal flaw that allows remote attackers to read arbitrary files by manipulating the p parameter with ".." sequences. The NVD entry documents a base CVSS v2 score of 5.0 (M...

CVSS 5 | AI score 6.7 | EPSS 0.01706
Exploits 0 | References 6 | Affected Software 1

NVD
added 2007/01/23 12:28 a.m., 14 views

CVE-2007-0412

BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files...

CVSS 5 | AI score 6.8 | EPSS 0.01881
Exploits 0 | References 6

Prion
added 2007/01/12 1:28 a.m., 15 views

Code injection

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors...

CVSS 5 | AI score 7.2 | EPSS 0.02159
Exploits 0 | References 6 | Affected Software 1

exploitpack
added 2007/01/08 12:0 a.m., 39 views

@lex Guestbook 4.0.2 - Remote Command Execution

@lex Guestbook 4.0.2 - Remote Command Execution !/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status...

AI score 0.1
Exploits 0

Tenable Nessus
added 2007/01/03 12:0 a.m., 18 views

SiteKiosk < 6.5.150 Multiple Vulnerabilities

According to its version number, the installation of SiteKiosk on the remote host contains an unspecified ActiveX control that is marked as 'safe for scripting' yet exposes two dangerous methods that allow reading and downloading of any file from the kiosk. In addition, it fails to completely sanitize...

CVSS 4.1 | AI score 5.5 | EPSS 0.00308
Exploits 0 | References 4

NVD
added 2006/12/26 9:28 p.m., 14 views

CVE-2006-6725

Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained...

CVSS 5 | AI score 6.6 | EPSS 0.01549
Exploits 0 | References 1

exploitpack
added 2006/12/19 12:0 a.m., 20 views

Oracle 9i10g - utl_file FileSystem Access

Oracle 9i10g - utl_file FileSystem Access. $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $. raptororafile.sql - file system access suite for oracle. Copyright (c) 2006 Marco Ivaldi. This is an example file system access suite for Oracle based on the utl_file package...

AI score 0.4
Exploits 0

CVE
added 2006/12/07 11:0 p.m., 42 views

CVE-2006-6384

CVE-2006-6384 affects the aBitWhizzy web application component abitwhizzy.php, prior to version 20061204. The vulnerability is an absolute path traversal in the Filename field (f parameter) that allows remote attackers to read arbitrary files. The issue is a variant of CVE-2006-6084. Related entr...

CVSS 7.8 | AI score 6.5 | EPSS 0.01344
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2006/12/04 11:28 a.m., 3 views

CVE-2006-6259

Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/mbro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" fiel...

CVSS 10 | AI score 5.8 | EPSS 0.03598
Exploits 1 | References 12

securityvulns
added 2006/12/01 12:0 a.m., 2314 views

contentserv 4.x

ContentServ again still features remote reading of arbitrary files. ContentServ is a cms and "cross media publishing" software. Let me quote from their website: "At ContentServ, there is always something happening. We continuously...

AI score 0.7
Exploits 0

Exploit DB
added 2006/12/01 12:0 a.m., 41 views

ContentServ 4.x - '/admin/FileServer.php' File Disclosure

ContentServ again still features remote reading of arbitrary files. ContentServ is a cms and "cross media publishing" software. Let me quote from their website: "At ContentServ, there is always something happening. We continuously...

AI score 7.4
Exploits 0

CVE
added 2006/11/24 6:0 p.m., 60 views

CVE-2006-6084

CVE-2006-6084 is a directory traversal in abitwhizzy.php of aBitWhizzy that lets remote attackers read arbitrary files via a .. in the f parameter. The PTSecurity entry reiterates the vulnerability and notes affected software without specifying fixed versions, and the NVD entry provides the same ...

CVSS 5 | AI score 7 | EPSS 0.03886
Exploits 1 | References 9 | Affected Software 1

EUVD
added 2006/11/06 11:0 p.m., 3 views

EUVD-2006-5757

Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter...

CVSS 5 | AI score 6.5 | EPSS 0.07694
Exploits 1 | References 6

CVE
added 2006/10/17 5:0 p.m., 44 views

CVE-2006-5319

Foafgen 0.3 is affected by a directory traversal in redir.php that allows a remote attacker to read arbitrary files using a .. segment in the foaf parameter. The vulnerability is triggered by supplying a traversing path via the foaf parameter, enabling access to filesystem content. Exploitation d...

CVSS 5 | AI score 7 | EPSS 0.03523
Exploits 1 | References 8 | Affected Software 1

CVE
added 2006/10/09 7:0 p.m., 37 views

CVE-2006-5205

Vulnerability CVE-2006-5205 affects Invision Gallery 2.0.7. A directory traversal flaw allows remote attackers to read arbitrary files via a .. sequence in the dir parameter when using the viewimage command in the gallery module (index.php and forum/index.php). Public exploit references exist (Ex...

CVSS 5 | AI score 7.2 | EPSS 0.02731
Exploits 1 | References 4 | Affected Software 1

CVE
added 2006/09/21 12:0 a.m., 50 views

CVE-2006-4914

CVE-2006-4914 describes a directory traversal vulnerability in A.l-Pifou 1.8p2. An attacker can read arbitrary files by manipulating the ze_langue_02 cookie via the choix_lng parameter to choix_langue.php, which indirectly sets the cookie and allows triggering an inclusion from inc/change_lang_ck...

CVSS 2.6 | AI score 7.1 | EPSS 0.02448
Exploits 1 | References 6 | Affected Software 1

OSV
added 2006/09/19 6:7 p.m., 6 views

PYSEC-2006-8

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458...

CVSS 5 | AI score 6.3 | EPSS 0.02378
Exploits 0 | References 11

CVE
added 2006/09/07 12:0 a.m., 42 views

CVE-2006-4615

The CVE documents a vulnerability in Shape Services IM+ Mobile Instant Messenger for Pocket PC, version 3.10, where usernames and passwords are stored in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg. This local-access issue allows a user with file-read privileges to obtain credentials. Affected ...

CVSS 4.9 | AI score 6.1 | EPSS 0.00414
Exploits 1 | References 3 | Affected Software 1

CVE
added 2006/08/25 10:0 a.m., 49 views

CVE-2006-4353

The CVE concerns Sun Java System Content Delivery Server versions 4.0, 4.1 and 5.0. Affected component: Content Delivery Server; vulnerability type described as an unspecified flaw that allows local and remote attackers to read data from arbitrary files via unspecified vectors. The exact root cau...

CVSS 5 | AI score 6.9 | EPSS 0.02381
Exploits 0 | References 8 | Affected Software 1

CVE
added 2006/07/28 11:0 p.m., 63 views

CVE-2006-3921

Summary (CVE-2006-3921): Affects Sun Java System Application Server (SJSAS) 7–8.1 and Web Server (SJSWS) 6.0–6.1. The issue permits remote authenticated users to read files outside the “document root” via a direct request using a UTF-8 encoded URI. The NVD entry lists a Medium base score (AV:N/AC...

CVSS 4 | AI score 6.1 | EPSS 0.02167
Exploits 0 | References 9 | Affected Software 2