CVE-2002-2256

Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters...

CVE-2002-2144

Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" forward slash or "." dot characters...

CVE-2002-1818

ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter...

CVE-2002-1926

Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. dot dot in the HTTP query string...

CVE-2002-1258

Two vulnerabilities in Microsoft Virtual Machine VM up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error...

Multiple bugs in Macromedia flash plugin

Buffer overflows, local file reading...

File reading vulnerable in PHP and MySQL (Local Exploit)

Attacker can use PHP and mySQL to read some local file following this way: Create a database mySQL and upload this file to your server PHP Code: viewfile.php programmed by Luke ====================================================== ? // config this data $dbhost = ""; $dbuser = ""; $dbpasswd = "";...

DSA-197 courier - buffer overflow

Bulletin has no description...

CVE-2002-1291

The vulnerability CVE-2002-1291 affects the Microsoft Java implementation used in Internet Explorer. An applet tag with a codebase set to a "file://%00" URL can allow remote attackers to read arbitrary local files and network shares. The provided documents identify the affected component and the ...

CVE-2002-1202

Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files...

CVE-2002-1213

Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." dot-dot sequences containing URL-encoded forward slash "%2F" characters...

CVE-2002-1224

Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter...

Microsoft Word and Excel documents allow local file reading by via embedded fields

Overview Microsoft Word and Excel contain special encoding tags for formatting and updating content. An attacker may be able to use these tags to exploit an information disclosure vulnerability. Description Microsoft Word and Microsoft Excel are applications that ship as part of the Microsoft...

CVE-2002-0893

Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" modified dot-dot sequences...

CVE-2002-0998

Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. dot dot sequences and null characters in the lang parameter, which is processed by a call to the include function...

CVE-2002-1004

Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. dot dot sequences in a URL...

CVE-2002-1021

BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte...

CVE-2002-1081

The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character...

CVE-2002-0923

CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the 1 pheader or 2 pfooter parameters in the "Advanced Settings" capability...

CVE-2002-1033

Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence dot-dot variant in the argument...