3348 matches found
CVE-2004-2749
Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. dot dot in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error...
CVE-2004-1399
Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. dot dot in the filename...
CVE-2004-2170
Directory traversal vulnerability in sampleshowcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter...
CVE-2004-2256
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang language variable...
CVE-2004-2594
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "/" in a pathname argument, as demonstrated by "download /server.cfg"...
CVE-2004-2333
Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files...
CVE-2004-1557
MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to 1 /admin or 2 ServerProperties.html...
CVE-2004-2105
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter...
CVE-2004-2640
Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via 1 .. dot dot sequences or 2 absolute paths to the template parameter...
CVE-2004-1148
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sqllocalfile parameter...
CVE-2004-1148
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sqllocalfile parameter...
phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities
According to its banner, the remote version of phpMyAdmin is vulnerable to one or both of the following flaws : - An attacker may be able to exploit this software to execute arbitrary commands on the remote host on a server which does not run PHP in safe mode. - An attacker may be able to read...
CVE-2004-1084
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles...
CVE-2004-1598
Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave swf file that references files outside of the temporary directory...
sudo -- sudoedit information disclosure
A new feature of sudo 1.6.8 called "sudoedit" a safe editing facility may allow users to read files to which they normally have no access...
Просмотр файлов в Search Engine & Directory Powered by Turbo Seek от FocalMedia.Net
Здравствуйте, 3APA3A. нашел новую узвимость. Просмотр файлов в Search Engine & Directory Powered by Turbo Seek от FocalMedia.Net Software / Application - Search Engine & Directory Powered by Turbo Seek Problem-Type - удаленная Vulnerability - возможность чтения файлов. Vendor - FocalMedia.Net...
CVE-2000-0773
Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack...
CVE-2001-1386
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a link file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension...
CVE-2004-0122
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files...
CVE-2002-1390
The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL...