3348 matches found
CVE-2002-1913
CVE-2002-1913 affects myPHPNuke 1.8.8 where the PHP file phptonuke.php (filnavn parameter) allows a remote attacker to read arbitrary files via a full pathname. This is a Directory Traversal issue; exploitation requires no authentication and can be triggered by supplying a full file path in filna...
CVE-2005-1889
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files...
CVE-2005-1798
CVE-2005-1798 affects ServersCheck Monitoring Software versions 5.9.0–5.10.0. The vulnerability is a directory traversal that allows a remote attacker to read arbitrary files via dot-dot sequences in an HTTP request. According to the NVD entry, the impact is partial confidentiality with no integr...
CVE-2004-1986
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter...
CVE-2004-2051
The CVE-2004-2051 entry affects eSeSIX Thintune thin clients (Phoenix browser) running firmware 2.4.38 and earlier. The issue allows local users to read arbitrary files via a file:/// URL, as described in the CVE description. Related OpenVAS data also references multiple vulnerabilities in Thintu...
File read in the printversion.pl and textversion.pl scripts
The printversion.pl and textversion.pl scripts allow reading arbitrary files on the server. Exploit - http://www.xxx.com/cgi-bin/textversion/textversion.pl?conf=conf.xml&file=../../../../etc/passwd http://www.xxx.com/cgi-bin/printversion/printversion.pl?conf=conf.xml&file=../../../etc/passwd Example -...
CVE-2003-0626
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments...
CVE-2004-1084
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles...
CVE-2005-1087
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request...
CVE-2005-1087
The CVE-2005-1087 entry concerns the AN HTTPD Server 1.42n, specifically the cmdIS.DLL plugin. It describes a CRLF injection vulnerability triggered by CRLF sequences in an HTTP request, enabling remote attackers to spoof or hide logfile entries and potentially read files via an injected type co...
CVE-2001-1432
The Cherokee Web Server is affected by CVE-2001-1432: a directory traversal vulnerability that allows remote attackers to read arbitrary files by appending a ../ sequence in the URL. OpenVAS notes an additional issue where the process fails to drop root privileges after binding to a port, enablin...
[Full-disclosure] Samsung ADSL Modem Vulnerability
EXPL-A-2005-002 exploitlabs.com Advisory 031 - Samsung ADSL Modem - AFFECTED PRODUCTS: Samsung ADSL Modem, Samsung Electronics http://www.samsung.com DETAI...
CVE-2005-0259
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file...
CVE-2004-1740
Music daemon musicd 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST...
CVE-2004-1733
CVE-2004-1733 is a directory traversal vulnerability in MyDMS 1.4.2 and other versions that allows remote registered users to read arbitrary files via ../ sequences in the URL. From the linked NASL, it is noted as affecting
phpMyAdmin 2.6 - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/12645/info phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include', 'require', 'require-once', or similar...
CVE-2005-0519
Summary: CVE-2005-0519 and CVE-2005-0520 affect ArGoSoft FTP Server prior to 1.4.2.8. The server allows remote attackers to read arbitrary files by abusing shortcut files (.LNK) during FTP operations using SITE UNZIP or SITE COPY, leading to read (and potentially write) access to files on the s...
CVE-2005-0520
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut .LNK files in the SITE COPY command, a different vulnerability than CVE-2005-0519...
CVE-2004-1557
MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html...