3347 matches found
CVE-2002-1133
Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f) or (2) "\" (%5c) characters...
CVE-2002-0893
Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" modified dot-dot sequences...
CVE-2002-0976
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet...
CVE-2002-0648
The legacy data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file...
CVE-2002-0860
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file...
Entrust GetAccess does not validate user input thereby allowing users to read arbitrary files
Overview: Entrust GetAccess does not properly validate the CGI variable "LOCALE" and may be exploited to read arbitrary files on the server. Description: Entrust GetAccess is a web software product for identifying users of a web site. Entrust GetAccess takes a CGI variable named "LOCALE" specifying...
CVE-2002-1114
configinc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) gbottomincludepage, (2) gtopincludepage, (3) gcssincludefile, (4) gmetaincludefile, or (5) a cookie...
CVE-2002-0915
autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file...
CVE-2002-0923
CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability...
CVE-2002-0926
Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter...
CVE-2002-0915
CVE-2002-0915 affects Xandros-based Linux distributions. A local user can abuse the autorun facility with the -c parameter to cause autorun to print the first line of an arbitrary file. The issue is described as a local-priority information disclosure without remote access. The NVD entry assigns ...
CVE-2002-0879
showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter...
EUVD-2002-0871
showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter...
EUVD-2002-0917
Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter...
PT-2002-2004 · Care 2002 · Care 2002
Name of the Vulnerable Software and Affected Versions: CARE 2002 versions prior to beta 1.0.02. Description: The issue allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function...
CVE-2002-0874
Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files...
CVE-2002-0874
Interchange vulnerability CVE-2002-0874 affects Interchange 4.8.6, 4.8.3 and other versions when running in INET mode, allowing remote attackers to read arbitrary files. The issue is documented in Debian DSA-150-1, which notes the fix to 4.8.3.20020306-1 (woody) and 4.8.6-1 (sid). OpenVAS and CVE...
[Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis
Mantis Advisory/2002-05 Arbitrary code execution and file reading vulnerability in Mantis 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Detailed explanation 5.1 Arbitrary code execution 5.2 Displaying local files 6. Credit 7...
CVE-2002-0661
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters...
CVE-2002-0417
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATETEMPLATES parameter for various mmstdo.cgi programs...