CVE-2003-1427
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter...
CVE-2003-1542
Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fmpath parameter...
quikstore.txt
Indonesia Security Development Team Advisory: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users. Advisory Name: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users Release Date:...
QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users
Indonesia Security Development Team Advisory: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users. Advisory Name: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users Release Date:...
commerceSQL.txt
CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. It only needs a specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd. By using a prepared GET page variable it allows a user to read remote files. Example: With...
[CommerceSQL] Remote File Read Vulnerability
CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. It only needs a specially prepared page variable in index.cgi to allow reading remote files like /etc/passwd. By using a prepared GET page variable it allows a user to read remote files. Example: With...
phpSysInfo: arbitrary code execution and directory traversal
Background: phpSysInfo is a PHP system information tool. Description: phpSysInfo contains two vulnerabilities which could allow local files to be read or arbitrary PHP code to be executed, under the privileges of the web server process. Impact: An attacker could read local files or execute arbitrary...
CVE-2003-0658
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules...
CVE-2003-0753
nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphpconfigLangFile parameter...
CVE-2003-0839
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link...
[Full-Disclosure] Adobe SVG Viewer Local and Remote File Reading (GM#003-MC)
GreyMagic Security Advisory GM003-MC. By GreyMagic Software, Israel. 07 Oct 2003. Available in HTML format at http://security.greymagic.com/adv/gm003-mc/. Topic: Adobe SVG Viewer Local and Remote File Reading. Discovery date: 07 Sep 2003. Affected applications...
GuppY : XSS, Files Reading/Writing
Information: Language: PHP. Bugged Version: 2.4p3 and less ? Patched version: 2.4p4. Website: http://www.freeguppy.org. Problems: - Permanent XSS - Files Reading - Files Writing. PHP Code/Location: postguest.php :...
LanSuite 2003 - Multiple Vulnerabilities
TITLE: 602Pro Lansuite 2003 - Multiple Vulnerabilities. DESCRIPTION: “602Pro LAN SUITE is an easy-to-install and manage all-in-one server application. Its standards-based SMTP/POP3 e-mail server provides effective e-mail communication without the risk of destructive virus...
lansuite2003.txt
TITLE: 602Pro Lansuite 2003 - Multiple Vulnerabilities. DESCRIPTION: 602Pro LAN SUITE is an easy-to-install and manage all-in-one server application. Its standards-based SMTP/POP3 e-mail server provides effective e-mail communication without the risk of destructive virus...
MSIE->HijackClick: 1+1=2
HijackClick: 1+1=2. tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo POF VER http://www.safecenter.net/liudieyu/HijackClick/HijackClick-MyPage.HTM or...
CVE-2003-0756
SiteBuilder 1.4 contains a directory traversal flaw in sitebuilder.cgi, exploitable via .. sequences in the selectedpage parameter that allows reading arbitrary files. Evidence from CVE-2003-0756 across NVD/Red Hat records confirms the same vector; no exploit status or active exploitation is prov...
CVE-2003-0610
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request...
CVE-2003-0425
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request...
GDM security update
Upgraded gdm packages are available for Slackware 9.0 and -current. These fix a security issue where a local user may use GDM to read any file on the system. Here are the details from the Slackware 9.0 ChangeLog: Sun Aug 24 14:36:29 PDT 2003 patches/packages/gdm-2.4.1.6-i386-1.tgz: Upgraded to...
CVE-2003-0536
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters...