3350 matches found
CVE-2001-0042
The CVE-2001-0042 entry affects PHP 3.x running on Apache 1.3.6 . It describes a remote file-read vulnerability via a modified “..” path traversal that can include encoded backslash sequences ("%5c") to disclose arbitrary files. The description indicates the root cause is a dot-dot traversal vuln...
CVE-2002-1417
Directory traversal vulnerability in Novell NetBasic Scripting Server NSN for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence modified dot-dot, which is mapped to the directory separator...
CVE-2002-1390
The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL...
CVE-2002-0627
The CVE-2002-0627 issue concerns the Polycom ViewStation Web server prior to version 7.2.4, where authentication can be bypassed and files read through Unicode-encoded requests. The affected component is the ViewStation web server; the underlying cause is a flaw that permits bypassing access cont...
CVE-2002-1390
The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL...
CVE-2003-0043
Affected software: Jakarta Tomcat prior to 3.3.1a when used with JDK 1.3.1 or earlier. Root cause: processing of web.xml uses trusted privileges, enabling remote attackers to read portions of some files. Impact: information disclosure (partial). Exploitation details are not provided in the suppli...
CVE-2004-0122
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files...
CVE-2001-1386
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a link file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension...
clearswift.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- SySS-Advisory: Clearswift Mimesweeper Path Traversal Vulnerability - ------------------------------------------------------------------- Problem discovered: July 27th 2004 Vendor...
CVE-2004-0577
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory...
CVE-2004-0405
CVS before 1.11 allows CVS clients to read arbitrary files via .. dot dot sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180...
HP Web JetAdmin vulnerabilities.
lo all: http://sh0dan.org/files/hpjadmadv.txt Fear the vi formatting. Product: HP Web JetAdmin Version 7.5.2546 Others that use this codebase assumed vulnerable Note: Only tested on the Windows Platform. Vulnerability: Denial of Service, Upload Any file to the filesystem to a known location, Writ...
CVE-2004-1859
Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. dot dot in the URL...
CVE-2004-1857
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. dot dot in the setinclude parameter...
CVE-2004-0302
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the 1 file parameter in index.php, 2 editfile in glossary.php, or 3 editfile in newmultiplechoice.php...
CVE-2004-0129
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. dot dot sequences in the what parameter...
CVE-2004-0129
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. dot dot sequences in the what parameter...
CVE-2003-0817
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object...
CVE-2004-0071
Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter $cmd variable to index.php...
CVE-2003-1351
Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." encoded slash dot dot in the file parameter...