3347 matches found
CVE-2003-0151
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code...
CVE-2002-1559
Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter...
CVE-2002-1498
The CVE-2002-1498 entry documents a directory traversal vulnerability in SWServer 2.2 and earlier. The issue arises when an attacker supplies a URL containing .. sequences along with "/" or "\" characters, allowing reading of arbitrary files on the server. The vulnerability affects SWServer’s han...
CVE-2002-1442
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...
CVE-2002-1467
CVE-2002-1467 affects the Macromedia Flash Plugin prior to 6.0.47.0, allowing remote attackers to bypass the same-domain restriction and read arbitrary files via (1) HTTP redirects, (2) a file:// base in a web document, or (3) a relative URL from a web archive (mht). The primary sources in the pr...
CVE-2003-0076
Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist...
CVE-2002-1252
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler...
CVE-2003-0043
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file...
CVE-2003-0027
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcmsserver) allows remote attackers to read arbitrary files via the KCSOPENPROFILE procedure...
Microsoft Internet Explorer allows arbitrary local file reading via "showHelp()" function
Overview: A vulnerability in Microsoft Internet Explorer (IE) allows remote attackers to read arbitrary files on a vulnerable system. Description: A vulnerability in the showHelp method contained within IE may allow a remote attacker to read arbitrary files. For further details, please see the...
Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution
source: https://www.securityfocus.com/bid/6780/info Microsoft Internet Explorer implements the showHelp function as a means of displaying help content contained in HTML pages. However, this function is capable of performing too many other actions outside of its intended functionality through...
DSA-246 tomcat - information exposure, cross site scripting
Bulletin has no description...
DSA-223 geneweb - information exposure
Bulletin has no description...
CVE-2002-1782
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user...
CVE-2002-1761
Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences...
CVE-2002-1815
Directory traversal vulnerability in source.php and source.cgi in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL...
CVE-2002-1818
ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter...
CVE-2002-1926
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string...
CVE-2002-2076
Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request...