Stack overflow
Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control IMW32O40.OCX 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6)...
CVE-2007-2190
PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter...
PT-2007-3531 · Eba News · Eba News
Name of the Vulnerable Software and Affected Versions: Eba News version 1.1 Description: A remote file inclusion issue in the admin/public/webpages.php file allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. Recommendations: For Eba News version 1.1, avoid...
PT-2007-3204 · 2Bgal · 2Bgal
Name of the Vulnerable Software and Affected Versions: 2BGal version 3.1.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the lang filename parameter to (1) "index.php" or (2) "backupdb.inc.php" in admin/, or other unspecified files. Recommendations: For 2BG...
PT-2007-1411 · Php · Upload Tool For Php
Name of the Vulnerable Software and Affected Versions: Upload Tool for PHP version 1.0 Description: The issue allows remote attackers to read arbitrary files via directory traversal attacks using ".." sequences or absolute pathnames in the filename parameter of the /upload/bin/download.php API...
PT-2007-1383 · Smarty · Smarty
Name of the Vulnerable Software and Affected Versions: Smarty version 2.6.9 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter in the libs/Smarty.class.php file. This is a PHP remote file inclusion issue. Note that the original...
CVE-2007-1140
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter...
Directory traversal
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter...
CVE-2007-1140
The CVE-2007-1140 entry describes a directory traversal vulnerability in edit.php of the pheap application, where an attacker can supply a filename containing .. to read and modify arbitrary files. Affected component: pheap (edit.php). Root cause: improper validation of the filename parameter all...
CVE-2006-6912
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter...
CVE-2006-6725
Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained...
CVE-2006-6255
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo...
CVE-2006-3547
EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables...
PT-2005-4687 · Php · Php Upload Center
Name of the Vulnerable Software and Affected Versions: PHP Upload Center affected versions not specified Description: A directory traversal issue exists in index.php, allowing remote attackers to read arbitrary files by including "../" sequences in the filename parameter of the vulnerable API...
CVE-2004-2586
CVE-2004-2586 applies to SmarterTools SmarterMail 1.6.1511 and 1.6.1529, where a directory traversal flaw in frmGetAttachment.aspx allows remote attackers to read arbitrary files via the filename parameter. Root cause: insufficient input validation leading to path traversal. The available sources...
CVE-2002-1812
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter...
PT-2004-2917 · Oscommerce · Oscommerce
Name of the Vulnerable Software and Affected Versions: osCommerce version 2.2 Description: A directory traversal issue exists, allowing remote attackers to view arbitrary files by including a .. (dot dot) in the filename argument of the file manager.php script. Recommendations: For osCommerce versi...
BBS E-Market Professional index.php filename Parameter Traversal Arbitrary File Access
The remote host is running BBS E-Market Professional, a Korean e-commerce application written in PHP. There is a directory traversal vulnerability in the 'filename' parameter of '/bemarket/shop/index.php'. A remote attacker could exploit this to read sensitive information on the system...
CVE-2004-0676
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter...
PT-2004-1763 · Fastream · Netfile Ftp/Web Server
Name of the Vulnerable Software and Affected Versions: Fastream NETFile FTP/Web Server versions 6.7.2.1085 and earlier Description: A directory traversal issue allows remote attackers to create or delete arbitrary files by using .. (dot dot) and // (double slash) sequences in the filename parameter...