3347 matches found
CVE-2002-0417
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATETEMPLATES parameter for various mmstdo.cgi programs...
CVE-2002-0508
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog...
CVE-2002-0750
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field...
CVE-2002-0482
Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request...
CVE-2002-0410
sendmessage.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded...
CVE-2002-0680
Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228...
IE allows universal Cross Domain Scripting (TL#003)
Thor Larholm, PivX, security advisory TL003. By Thor Larholm, Denmark 10 July 2002 HTML format: http://www.PivX.com/larholm/adv/TL003/ Topic: IE allows universal Cross Domain Scripting. Discovery date: 25 June 2002. Severity: High Affected applications:...
CVE-2002-0027
Affected software: Internet Explorer 5.5 and 6.0. Vulnerability: Frame Domain Verification bypass via Document.open between frames from different domains; allows a remote attacker to read files and spoof the URL in the address bar. Impact: reads files on target and can impersonate sites; variant ...
CVE-2002-0052
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files...
CVE-2001-1108
Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL...
CVE-2002-0312
Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL...
KPMG-2002020: Resin view_source.jsp Arbitrary File Reading
Title: Resin viewsource.jsp Arbitrary File Reading BUG-ID: 2002020 Released: 17th Jun 2002 Problem: In a default installation of Resin server, the...
CVE-2002-0556
Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL...
xandros-autorun.txt
There is a new Debian-based distro called Xandros making its way on to the market. I believe the developers from Corel Linux are on board with Xandros. It has at least one public beta and another on the way and I know of at least one OS that uses it as its backend. I got a chance to play on a coup...
CVE-2002-0262
Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
servletexec-4.1.txt
Westpoint Security Advisory Title: Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1 Risk Rating: High Software: ServletExec 4.1 ISAPI / IIS 4 & 5 Platforms: Win2k / WinNT 4 Vendor URL: www.newatlanta.com Author: Matt Moore Date: 22 May 2002 Advisory ID: wp-02-0006.txt Overview:...
CVE-2001-1334
Blockrenderurl.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL...