873 matches found
Partial access to local files via CSS in Internet Explorer
Via .oFile.cssText property of Link object it's possible to get partial content of any file with structure close to CSS...
PHP 4.x5.x MySQL Library - Safe_mode Filesystem Circumvention (2)
PHP 4.x5.x MySQL Library - Safemode Filesystem Circumvention 2...
CVE-2001-0892
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root such as .htpasswd via a GET request with a trailing /...
sglMerchant Version 1.0
sglMerchant Version 1.0 by SeaGlass Technologies, Inc have the old bug ExploiT: www.server.com/cgi-shop/viewitem? HTMLFILE=../../../../../../etc/passwd00&KEY=1900- 0999 XP- TEAM DonHuan [email protected]...
CVE-2001-0480
Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... modified dot dot in the 1 GET or 2 CD commands...
CVE-2000-0912
The CVE-2000-0912 entry concerns the MultiHTML CGI script (multihtml.pl). Affected component: the multihtml.pl CGI. The underlying issue is a traversal/file-access vulnerability where the attacker can specify the file name via the multi parameter, enabling reading of arbitrary files on the remote...
Unsafe passing of variables to mailform.pl in MailForm V2.0
Title: Unsafe passing of variables to mailform.pl in MailForm V2.0 For Unix or NT Advisory Author: Karl Hanmore [email protected] Script URL: http://rlaj.com/scripts/mailform Script Author: Ranson Johnson Advisory Released: 11 September 2000 Vendor notified: [email protected] 05 Sept...
Roxen security alert: Problems with URLs containing null characters.
Roxen 2.0 up to version 2.0.68 has a vulnerability where using URLs containing null characters can gain the browser access to information he is not authorized to: Directory listings in directories with index files In normal filesystems: the sourcecode for RXML files, Pike scripts, CGIs etc...
IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
Georgi Guninski security advisory 16, 2000 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files Systems affected: IE 5.5, 5.01 / Win98 - probably other versions, have not tested Risk: Medium Disclaimer: The opinions expressed in this advisory and...
CVE-2000-0465
Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability...
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access source: https://www.securityfocus.com/bid/282/info A vulnerabilit...
Microsoft Internet Explorer 4/5 - DHTML Edit ActiveX Control File Stealing / Cross Frame Access
source: https://www.securityfocus.com/bid/116/info Vulnerabilities in an ActiveX control distributed with Internet Explorer 5 and available for Internet Explorer 4 allow malicous web sites to steal local files and to bypass cross-frame security rules. The DHTML Edit Control Safe for Scripting...
Security Update, February 13, 2002 (MSXML 2.6)
This update resolves the "XMLHTTP Control Can Allow Access to Local Files" security vulnerability in Microsoft XML MSXML 2.6 and Windows XP, and is discussed in Microsoft Security Bulletin MS02-008. Download now to help prevent a malicious user from reading the files on your computer when you vis...