825 matches found
CVE-2005-3676
SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter...
CVE-2005-2786
Directory traversal vulnerability in bestmailedit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter...
CVE-2004-2347
blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests...
CVE-2002-2011
The CVE-2002-2011 entry concerns Faq-O-Matic’s fom.cgi (versions 2.711 and 2.712). The issue is a cross-site scripting (XSS) vulnerability where an attacker can inject arbitrary web script or HTML via the file parameter, potentially enabling script execution in the victim’s browser. Documented im...
CVE-2005-2111
login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter...
CVE-2005-2111
The OpenVAS/Nessus entries confirm CVE-2005-2111 affects Community Link Pro Web Editor’s login.cgi. The flaw lies in the login.cgi script where the file parameter is not sanitized, enabling an unauthenticated attacker to execute arbitrary commands on the remote host. This is described as remote c...
PT-2005-1857 · Ciamos +2
Name of the Vulnerable Software and Affected Versions: RUNCMS version 1.1A; CIAMOS version 0.9.2 RC1; e-Xoops version 1.05 Rev3. Description: The issue allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter. This can be used to read sensitive information...
CVE-2004-1607
slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message...
CVE-2004-2508
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the nextfile parameter...
CVE-2004-1202
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2003-0278
Cross-site scripting (XSS) vulnerability in normalhtml.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter...
CVE-2003-0243
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normalhtml.cgi or (2) memberhtml.cgi scripts...
CVE-2002-1423
tmpview.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter...
EUVD-2002-0871
showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter...
CVE-2002-0206
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter...