Lucene search
K

1400 matches found

NVD
NVD
added 2002/12/11 5:0 a.m.20 views

CVE-2002-1269

Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem...

4.6CVSS6.2AI score0.00306EPSS
Exploits0References1
NVD
NVD
added 2002/10/16 4:0 a.m.14 views

CVE-2002-1618

JFS JFS3.1 and OnlineJFS in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems...

7.2CVSS6.5AI score0.00567EPSS
Exploits0References5
CERT
CERT
added 2002/09/24 12:0 a.m.13 views

Cherokee Web Server does not adequately validate user input thereby allowing directory traversal

Overview Cherokee contains a directory traversal vulnerability caused by failure to filter '../' character sequences. Description Cherokee is a compact, open-source web server. Cherokee does not filter '../' sequences from HTTP requests. As a result, it is possible for a remote attacker to reques...

6.9AI score
Exploits0References2
securityvulns
securityvulns
added 2002/09/13 12:0 a.m.25 views

Security Issue with Mac OS X

Below is the copy of the email I sent to Apple a week ago I have dropped them a copy of the mail on their feedback web page, too. Since I haven't heard of them since, I have chosen to make the security issue available to the community. Below the copy of the mail is a short discussion of the...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2002/07/11 12:0 a.m.28 views

Multiple Security Vulnerabilities in Sharp Zaurus

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Syracuse University Research for Understanding Aspects of the Zaurus Security Advisory SURUAZ-2002-07-07 Center for Systems Assurance http://www.csa.syr.edu Synopsis: The SharpR Zaurustm SL-5000D and SL-5500 have multiple security vulnerabilities in...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2002/07/11 12:0 a.m.36 views

Sharp Zaurus multiple bugs

Remote filesystem access, weak pseudo-random numbers generation...

3.5AI score
Exploits0References1
securityvulns
securityvulns
added 2002/02/08 12:0 a.m.31 views

Обхот chroot() в AtheOS (protection bypass)

С помощью обратного пути можно обратиться к файлам за пределами chroot...

1.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/02/05 12:0 a.m.44 views

PHP Safe Mode Filesystem Circumvention Problem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ------------------------------------------------------------------------------ Security Advisory DW020203-PHP Release: 3rd February 2002 PHP Safe Mode Filesystem Circumvention Problem Severity: Medium to high. Affects: PHP, all versions which include...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2002/02/03 12:0 a.m.12 views

PHP 4.x5.x MySQL Library - Safe_mode Filesystem Circumvention (3)

PHP 4.x5.x MySQL Library - Safemode Filesystem Circumvention 3 optionsMYSQLIOPTLOCALINFILE, 1; $m-setlocalinfilehandler"r"; $m-query"LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE a.a"; $m-close; ?...

Exploits0
exploitpack
exploitpack
added 2002/02/03 12:0 a.m.23 views

PHP 4.x5.x MySQL Library - Safe_mode Filesystem Circumvention (1)

PHP 4.x5.x MySQL Library - Safemode Filesystem Circumvention 1 ?php / source: https://www.securityfocus.com/bid/4026/info PHP's 'safemode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2002/02/03 12:0 a.m.66 views

PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (1)

?php / source: https://www.securityfocus.com/bid/4026/info PHP's 'safemode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to bypass these restrictions to gain unauthorized access to areas o...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/08/25 12:0 a.m.37 views

Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.

During work I've found out that the combination of the Java Plugin 1.4 with the JRE 1.3 doesn't handle certificates properly. An applet signed with an outdated certificate shouldn't be able to get access to the filesystem on the client machine. However this happens when using the named combinatio...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2001/04/02 12:0 a.m.43 views

Microburst uStorekeeper 1.x - Arbitrary Commands

source: https://www.securityfocus.com/bid/2536/info A vulnerability exists in versions of uStorekeeper Online Shopping System from Microburst Technologies. The script fails to properly validate user-supplied input, allowing remote users to submit URLs containing '/../' sequences and arbitrary...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2000/10/23 12:0 a.m.17 views

Allaire JRun 2.3 - File Source Code Disclosure

Allaire JRun 2.3 - File Source Code Disclosure source: https://www.securityfocus.com/bid/1833/info Allaire JRun is a web application development suite with JSP and Java Servlets. JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed UR...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2000/10/23 12:0 a.m.14 views

Allaire JRun 2.3 - Arbitrary Code Execution

Allaire JRun 2.3 - Arbitrary Code Execution source: https://www.securityfocus.com/bid/1831/info Jrun contains a vulnerability that allows a user to compile and execute JSP code from an arbitrary file on the webserver's filesystem. This bug is due to the way JSP execution is invoked -- if a...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2000/10/23 12:0 a.m.36 views

Allaire JRun 2.3 - Arbitrary Code Execution

source: https://www.securityfocus.com/bid/1831/info Jrun contains a vulnerability that allows a user to compile and execute JSP code from an arbitrary file on the webserver's filesystem. This bug is due to the way JSP execution is invoked -- if a requested filename/path is prefixed with...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/10/13 12:0 a.m.24 views

anaconda Foundation 1.4 < 1.9 - Directory Traversal

source: https://www.securityfocus.com/bid/2338/info A vulnerability exists in Anaconda Foundation Directory which allows a remote user to traverse the filesystem of a target computer. This may lead to the disclosure of file and directory contents. Arbitrary files can be accessed through the use o...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2000/10/11 12:0 a.m.35 views

SLA-16.MasterIndex.txt

Synnergy Laboratories Advisory SLA-2000-16 NAME Master Index directory traversal vulnerability AFFECTED Linux/UNIX with Master Index SYNOPSIS Synnergy Labs has found a flaw within Master Index that allows a user to successfully traverse the filesystem on a remote host, allowing arbitary...

7.4AI score
Exploits0
exploitpack
exploitpack
added 1999/11/29 12:0 a.m.12 views

symantec mail-gear 1.0 - Directory Traversal

symantec mail-gear 1.0 - Directory Traversal source: https://www.securityfocus.com/bid/827/info Mail-Gear, a multi-purpose filtering email server, includes a webserver for remote administration and email retrieval. This webserver is vulnerable to the '../' directory traversal attack. By including...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 1999/11/04 12:0 a.m.27 views

etype eserv 2.50 - Directory Traversal

source: https://www.securityfocus.com/bid/773/info Etype's Eserv product is designed to be a one-source internet connectivity solution, incorporating mail, web, ftp, and proxy servers into one package. The web server will allow remote browsing of the entire filesystem by the usage of ../ strings ...

7.4AI score
Exploits0
Rows per page
Query Builder