134 matches found
CVE-2017-14947
Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."...
Design/Logic Flaw
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image0000000000400000+0x000000000001b596."...
CVE-2017-9926
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image0000000000400000+0x000000000001b596."...
CVE-2017-9833
CVE-2017-9833 affects BOA Web Server 0.94.14rc21, enabling arbitrary file read via path traversal through the FILECAMERA parameter in /cgi-bin/wapopen. Exploitation reads files with root privileges without credentials. Affected component: BOA Web Server; root cause: improper handling of FILECAMER...
CVE-2015-5019
IBM Sterling Integrator 5.1 before 50100048 and Sterling B2B Integrator 5.2 before 50205009 allow remote authenticated users to read or upload files by leveraging a password-change requirement...
NetIQ Access Manager Directory Traversal Vulnerability
NetIQ Access Manager is a solution for controlling access to resources from American NetIQ. A directory traversal vulnerability in HF3, version 4.x prior to NetIQ Access Manager 4.0.1, allows remotely authenticated novlwww users to read arbitrary files via external entity declarations containing...
CVE-2012-2206
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI...
CVE-2009-2031
The CVE-2009-2031 entry applies to Sun OpenSolaris smbfs (SNV_84 to SNV_110). It describes a localPrivilege issue where, when default mount permissions are used, local users can read arbitrary files and list arbitrary directories on CIFS volumes . The description identifies the affected component...
CVE-2008-3946
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a 1 .plan or 2 .project file...
CVE-2007-6185
Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials...
HP-UX PHSS_35579 : s700_800 11.X OV NNM7.01 PA RISC Intermediate Patch 10
s700800 11.X OV NNM7.01 PA RISC Intermediate Patch 10 : The remote HP-UX host is affected by multiple vulnerabilities : - A potential vulnerability has been identified with HP OpenView Network Node Manager OV NNM. This vulnerability could be exploited remotely by an unauthorized user to execute...
[SECURITYREASON.COM] PostNuke SQL Injection 0.750=>x
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Non Critical SQL Injection and Include 0.760-RC3=x cXIb8O3.10 Author: cXIb8O3Maksymilian Arciemowicz Date: 2.4.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.760-RC3=X PostNuke is an open source, ope...
ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure
Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory.Issue: ====== Improper arguments validation in ypxfrd may allow...
ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities
The 'htsearch' CGI, which is part of the htdig package, allows anyone to read arbitrary files on the target host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10105; scriptversion"1.36"; scriptcveid"CVE-1999-0978...