CVE-2004-1678

CVE-2004-1678 describes a directory traversal vulnerability in PerlDesk’s pdesk.cgi. A remote attacker can read portions of arbitrary files (and possibly trigger execution of Perl modules) by crafting lang parameters with ‘..’ sequences terminated by a NULL character (%00), potentially leaking fi...

CVE-2005-0479

Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and 1 "/" slash, 2 "" backslash, or 3 hex-encoded characters in the fn parameter...

CVE-2004-1521

The CVE-2004-1521 issue affects Eudora 6.2.0.14 where forwarding an email containing base64 or quoted-printable encoded attachments fails to warn, enabling a remote attacker to read arbitrary files via spoofed Converted headers. The underlying cause is improper handling/validation of encoded atta...

CVE-2005-0372

Summary (CVE-2005-0372) : A directory traversal vulnerability in gftp for GTK+ up to version 2.0.17 allows remote FTP servers to read arbitrary files via ".." sequences returned from LIST. The issue affects gftp and is documented under CVE-2005-0372; multiple advisories (Red Hat/CentOS/Fedora) no...

CVE-2004-1450

Technical details are not publicly available in the provided connected documents (no explicit affected product/version, root cause, or exploit information). Monitor for updates from the cited sources (NVD/CVE records) for any changes.

CVE-2004-1399

Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. dot dot in the filename...

CVE-2005-0293

Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. dot dot in the month parameter...

CVE-2005-0287

CVE-2005-0287 affects Bottomline Webseries Payment Application. A remote attacker can read arbitrary files on the network by supplying a modified ReportPath or ReportName in a report template, implying a path-leaking/authorization bypass in report handling. The provided metrics indicate partial c...

CVE-2005-0335

Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. dot dot in the URL...

CVE-2005-0202

Directory traversal vulnerability in the truepath function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences...

CVE-2005-0192

Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 6.0.12.1040 and earlier allows remote attackers to read arbitrary files via a .. dot dot in an RJS filename...

CVE-2005-0072

zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files...

Minis minis.php month Parameter Traversal Arbitrary File Access

The remote host is running Minis, a weblogging system written in PHP. The remote version of this software is vulnerable to a directory traversal attack. Input to the 'month' parameter of the 'minis.php' script is not properly sanitized. A remote attacker could exploit this to read arbitrary files...

MinisTraverse.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Minis directory traversal vulnerability Vulnerability discovery: Madelman Date: 31/12/2004 Severity: Moderate Summary: - -------- from vendor site: http://minis.sourceforge.net/ Minis is a tiny, PHP-powered, text-file based weblogging system. I...

CVE-2004-1148

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sqllocalfile parameter...

CVE-2004-1231

Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. dot dot sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype...

CVE-2004-1148

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sqllocalfile parameter...

CVE-2004-1221

Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbitrary files via .. sequences in the TextFile parameter...

CVE-2004-2170

Directory traversal vulnerability in sampleshowcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter...

CVE-2004-2256

Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang language variable...