3350 matches found
CVE-1999-1377
Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the f parameter...
msie4.x-readfile.txt
Guninski's IE 4 file reading bug. http://www.geocities.com/ResearchTriangle/1711/read3.html There is a bug in Internet Explorer 4.x patched which allows reading local files and sending them to an arbitrary server. The problem is: if you add '%01someURL' after the URL, IE thinks that the document ...
msie.5.0-0.001.percent.txt
Date: Fri, 9 Apr 1999 07:15:12 +0300 From: Georgi Guninski To: [email protected] Subject: IE 5.0 security vulnerabilities - %01 bug again There is a security bug in Internet Explorer 5.0 which circumvents "Cross-frame security" and opens several security holes. This is a modification of the "%...
msie4.01-jscript-security.txt
Date: Thu, 28 Jan 1999 04:53:31 PST From: Georgi Guninski To: [email protected] Subject: Javascript %01 bug in Internet Explorer There is a Javascript security bug in Internet Explorer 4.x patched, which circumvents "Cross-frame security" and opens several security holes. The probl...
eeye.web.interfaces.txt
Date: Wed, 26 May 1999 06:58:27 -0000 From: Marc To: [email protected] Subject: Multiple Web Interface Security Holes Multiple Web Interface Security Holes Systems Affected CMail 2.3 FTGate 2,1,2,1 NTMail 4.20 Release Date May 26, 1999 Advisory Code AD05261999 Description: The following holes...
webcom.cgi.guestbook.txt
Date: Fri, 9 Apr 1999 20:41:39 +0100 From: Mnemonix To: [email protected] Subject: Webcom's CGI Guestbook for Win32 web servers I reported a while back on Webcom's www.webcom.se CGI Guestbook wguest.exe and rguest.exe having a number of security problems where any text based file o...
CVE-1999-1165
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to 1 gain root privileges via a malicious program in the .fingerrc file, or 2 read arbitrary files via symbolic links from .plan, .forward, or .project files...
CVE-1999-1378
dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files...
CVE-1999-0771
The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. dot dot attack...
CVE-1999-0736
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files...
CVE-1999-0487
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files...
CVE-2000-0412
The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file...
CVE-1999-0386
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL...
Qbik WinGate Standard 3.0.5 - Log Service Directory Traversal
Qbik WinGate Standard 3.0.5 - Log Service Directory Traversal source: https://www.securityfocus.com/bid/507/info The WinGate log service is configured by default to only allow connections from 127.0.0.1, but can be set to allow connections from anywhere. Either way, there is a vulnerability that...
CVE-1999-1375
FileSystemObject FSO in the showfile.asp Active Server Page ASP allows remote attackers to read arbitrary files by specifying the name in the file parameter...
CVE-1999-0347
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character...
Greg Matthews - Classifieds.cgi 1.0 MetaCharacter
Greg Matthews - Classifieds.cgi 1.0 MetaCharacter source: https://www.securityfocus.com/bid/2020/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to read files ...
Greg Matthews - 'Classifieds.cgi' 1.0 MetaCharacter
source: https://www.securityfocus.com/bid/2020/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to read files on the host machine, with the privileges of the we...
CVE-1999-1437
ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml...
CVE-1999-0264
htmlscript CGI program allows remote read access to files...