825 matches found
Format string
Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter...
CVE-2010-2018
Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2010-2019
SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Directory traversal
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (JwallVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter...
CVE-2009-3999
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter...
PT-2009-5272 · Pixaria · Pixaria Gallery
Name of the Vulnerable Software and Affected Versions: Pixaria Gallery versions 2.0.0 through 2.3.5 Description: The issue allows remote attackers to read arbitrary files via a base64-encoded file parameter in the pixaria.image.php file. Recommendations: For Pixaria Gallery versions 2.0.0 through...
PT-2009-2346 · Zen Cart · Zen Cart
Name of the Vulnerable Software and Affected Versions: Zen Cart versions 1.3.8 through 1.3.8a Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader file parameter in admin/includes/initsystem.php when...
CVE-2009-2397
CVE-2009-2397 is a directory traversal vulnerability in the Audio Article Directory’s download.php where an attacker can read arbitrary files by manipulating the file parameter. Affected component: download.php; vulnerable vector: directory traversal sequences in file parameter. Impact as documen...
CVE-2009-2180
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter...
CVE-2009-2184
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" slash in the file parameter...
CVE-2009-2184
CVE-2009-2184 affects Gravy Media Photo Host 1.0.8, with an absolute path traversal vulnerability in forcedownload.php. The underlying issue allows remote attackers to read arbitrary files by supplying an encoded "/" in the file parameter. According to the NVD entry, the vulnerability has a Base ...
Cute Editor vulnerability-vulnerability warning-the black bar safety net
Affected versions: CuteEditor for .NET 6.4 Program description: CuteEditor for ASP.NET is an HTML-based WYSIWYG online editor for ASP.NET, described as the most easy-to-use and most powerful of its kind. Vulnerability analysis: In the Load.ashx file, the file parameter is not processed, so any file can be loaded. Exploit...
CVE-2008-6610
CVE-2008-6610 affects Stefan Ott’s phpcksec 0.2.0 via an absolute path traversal in phpcksec.php. A remote attacker can read files and list arbitrary directories by supplying a full pathname in the file parameter. This is the stated vulnerability and impact in multiple sources (CVE/NVD). The ava...
CVE-2009-1226
CVE-2009-1226 affects Podcast Generator 1.1 and earlier. The issue is an improper restriction of access to admin functions in core/admin/delete.php, allowing remote attackers to delete arbitrary files via the file parameter. Base score 7.5 (HIGH) per NVD. No patch/mitigation details are provided ...
CVE-2008-6521
index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attackers to obtain sensitive information via an invalid File parameter, which reveals the installation path in an error message...
CVE-2008-6420
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php...
CVE-2008-6420
The CVE-2008-6420 entry concerns Social Site Generator (SSG) 2.0. The vulnerability allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. The impact is described as partial confidentiality leakag...
Directory traversal
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as ...
Design/Logic Flaw
globsyedit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter...