3348 matches found
CVE-2005-4212
CVE-2005-4212 affects phpCOIN 1.2.2. A directory traversal vulnerability in coin_includes/db.php permits remote attackers to read arbitrary local files by supplying ".." sequences in the $_CCFG[_PKG_PATH_DBSE] variable. This is a server-side path traversal in the PHP include logic, enabling expos...
CVE-2005-4160
The CVE-2005-4160 entry concerns Torrential 1.2 and a directory traversal vulnerability in getdox.php that lets remote attackers read arbitrary files via "../" in the query. Connected documents confirm the same vulnerability description and indicate the affected component is getdox.php within To...
CVE-2005-4156
CVE-2005-4156 affects Mambo 4.5 (1.0.0) through 4.5 (1.0.9) with magic_quotes_gpc disabled. A remote attacker can read arbitrary files and potentially cause a denial of service via a query string that ends with a NULL character. Root cause: input handling vulnerability allowing unintended file ac...
Help Center Live 1.0/1.2/2.0 - 'module.php' Local File Inclusion
source: https://www.securityfocus.com/bid/15404/info Help Center Live is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to disclose sensitive information. This may help wi...
toendaCMS < 0.6.2.1 Multiple Vulnerabilities
The remote host is running toendaCMS, a content management and weblogging system written in PHP. The version of toendaCMS installed on the remote host allows an unauthenticated attacker to read arbitrary files by manipulating the 'iduser' parameter of the 'engine/admin/admin.php' script. In...
GuildFTPd Directory Traversal
Version 0.97 of GuildFTPd was detected. A security vulnerability in this product allows anyone with a valid FTP login to read arbitrary files on the system. OpenVAS Vulnerability Test $Id: GuildFTPD097.nasl 6063 2017-05-03 09:03:05Z teissa $ Description: GuildFTPd Directory Traversal Authors: Yoa...
Oracle 9iAS Jsp Source File Reading
In a default installation of Oracle 9iAS it is possible to read the source of JSP files. When a JSP is requested it is compiled 'on the fly' and the resulting HTML page is returned to the user. Oracle 9iAS uses a folder to hold the intermediate files during compilation. These files are created in...
PHP.EXE / Apache HTTP Server Win32 Arbitrary File Reading Vulnerability - Active Check
A configuration vulnerability exists for PHP.EXE cgi running on Apache HTTP Server for Win32 platforms. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
FAQManager Arbitrary File Reading Vulnerability
FAQManager is a Perl-based CGI for maintaining a list of Frequently asked Questions. Due to poor input validation it is possible to use this CGI to view arbitrary files on the web server. For example: someserver.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 SPDX-FileCopyrightText: 2002 Matt Moore...
ServletExec 4.1 ISAPI File Reading
By invoking the JSPServlet directly it is possible to read the contents of files within the webroot that would not normally be accessible (global.asa, for example). SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by th...
FAQManager Arbitrary File Reading Vulnerability
FAQManager is a Perl-based CGI for maintaining a list of Frequently asked Questions. Due to poor input validation it is possible to use this CGI to view arbitrary files on the web server. For example: http://www.someserver.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 OpenVAS Vulnerability Test...
ServletExec 4.1 ISAPI File Reading
By invoking the JSPServlet directly it is possible to read the contents of files within the webroot that would not normally be accessible (global.asa, for example). When attempting to retrieve ASP pages it is common to see many errors due to their similarity to JSP pages in syntax, and hence only...
CVE-2005-3163
Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root...
contentServ.txt
ContentServ still features remote reading of arbitrary files. Boring PHP bug warning: By reading boring PHP bug...
CVE-2005-2792
Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the customwelcomepage parameter...
PHPMyFAQ 1.5.1 - Local File Inclusion
source: https://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
CVE-2005-2613
Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors...
CVE-2001-1580
CVE-2001-1580: A directory traversal vulnerability exists in ScriptEase viewcode.jse for NetWare 5.1 before 5.1 SP3, enabling remote attackers to read arbitrary files via ".." sequences in the query string. The vulnerability stems from insufficient input sanitization in the NetWare Web Server’s ...
Slackware 9.0 / current : GDM security update (SSA:2003-236-01)
Upgraded gdm packages are available for Slackware 9.0 and -current. These fix a security issue where a local user may use GDM to read any file on the system. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware...