3348 matches found
FreeBSD : shoutcast -- XSS, information exposure (67dbe99f-0f09-11db-94f8-00e029485e38)
Goober's advisory reports that shoutcast is vulnerable to an arbitrary file reading vulnerability: Impact of the vulnerability depends on the way the product was installed. In general, the vulnerability allows the attacker to read any file which can be read by the Shoutcast server proces...
CVE-2006-3392
Webmin before 1.290 and Usermin before 1.220 calls the simplifypath function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename...
Slackware 10.0 / 10.1 / 10.2 / current : kdebase kdm local file reading vulnerability (SSA:2006-178-01)
New kdebase packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue with KDM (the KDE login manager) which could be exploited by a local attacker to read any file on the system. The official KDE security advisory may be found here:...
CVE-2006-3182
CVE-2006-3182 affects MobeScripts Mobile Space Community 2.0. The vulnerability is a directory traversal in index.php, exploitable via a .. sequence in the uid parameter on the rss page, enabling remote attackers to read arbitrary files. The NVD entry lists a CVSSv2 base score of 7.5 (HIGH) with ...
shoutcast -- cross-site scripting, information exposure
Goober's advisory reports that shoutcast is vulnerable to an arbitrary file reading vulnerability: Impact of the vulnerability depends on the way the product was installed. In general, the vulnerability allows the attacker to read any file which can be read by the Shoutcast server process...
CVE-2006-2692
Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal...
CVE-2006-2427
The CVE affects freshclam in Clam Antivirus (ClamAV) 0.88 and ClamXav 1.0.3h and earlier. The root cause is that the process does not drop privileges before handling the config-file command line option, enabling local users to read portions of arbitrary files when an error message displays the fi...
CVE-2006-2082
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the serve...
Multiple Vulnerabilities In IdealBB ASP Bulletin Board
CodeScan Advisory, codescan.com. Multiple Vulnerabilities In IdealBB ASP Bulletin Board. Vendor Website: http://www.idealscience.com. Affected Version: Version 1.5.4a And Earlier...
CVE-2006-1729
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the...
CVE-2005-4758
CVE-2005-4758 affects BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier. The vulnerability arises in the Administration server, allowing remote authenticated Admin users to read arbitrary files through an internal servlet accessed via HTTP. The description characterizes the flaw as uns...
Directory traversal
Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter...
CVE-2003-1299
CVE-2003-1299 affects Baby FTP Server 1.2. A directory traversal flaw via the CWD command using triple dots (...) enables remote authenticated users to list arbitrary directories and possibly read files. The description does not specify patches or fixed versions in the provided documents. Impact i...
Command injection
Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent...
CVE-2006-1062
Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors...
4Images <= 1.7.1 (Local Inclusion) Remote Code Execution Exploit
No description provided by source. <?php ----4images171inclxpl.php 6.45 26/02/2006 4Images <= 1.7.1 remote commands execution through arbitrary local inclusion coded by rgod site: http://retrogod.altervista.org - this works regardless of magic_quotes_gpc settings Sun-Tzu: "Having doomed spies, doing...
Arbitrary file read in ODFaq 2.1.0
Program: ODFaq 2.1.0 http://www.oodie.com/project/odfaq/ Description: the ODFaq 2.1.0 interactive system makes it possible to bypass the restriction on reading files from the server. In the file config.inc.php, the associative array $PAGE lists all pages available for execution via the P parameter in...
CVE-2006-0434
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files...
Oracle Reports arbitrary file reading vulnerability
Overview: Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server. Description: Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a componen...