699 matches found
CVE-2008-4638
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message...
CVE-2008-4632
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters...
CVE-2008-4602
Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter...
JDK untrusted applet/application privilege escalation (6661918)
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as...
CVE-2003-1366
CVE-2003-1366 affects OpenBSD versions 2.0–3.2 in the chpass utility, enabling local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information. The vulnerability is described with a CVSS v2 base score of 3.3 (LOCAL, MEDIUM complex...
CVE-2007-5484
Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows local users to read arbitrary files via a .. (dot dot) in the IsisScript parameter to iah...
Design/Logic Flaw
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application...
PT-2007-5375 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.3. Description: The issue allows remote attackers to potentially read arbitrary local files via a .. (dot dot) in the file parameter in the data/inc/theme.php file when register_globals is enabled. However, it's noted that the co...
PhpWind anti-theft chain plug-in showpic.php local file read vulnerability - vulnerability warning - the black bar safety net
Vulnerability file: showpic.php
$str=$_SERVER['QUERY_STRING'];
$img=base64_decode($str);
$codelen=strlen($safeguard); //get the additional code length
$img=substr($img,$codelen); //remove the additional code
readfile($img);
Submitted parameters are base64 encoded and read directly using readfile, so you...
openmedia.txt
openmadia exploit local read file ========================================== search google powered by openmedia ====================================== Exploit : http://www.site.com/page.php?src=../../../../../etc/passwd http://www.site.com/searchform.php?lang=fr&format=../../../../../etc/passwd...
CVE-2006-6242
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2)...
CVE-2006-2449
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login...
Loudblog 0.41 SQL Injection, Local file read/include
"Loudblog is a sleek and easy-to-use Content Management System CMS for publishing media content on the web." SQL Injection in podcast.php magicquotes=off: http://target/loudblog/podcast.php?id=1' and '1'='0' union select...
CVE-2005-0259
CVE-2005-0259 affects phpBB 2.0.11 (and possibly other versions) where enabling remote avatars and avatar uploading allows local users to read arbitrary files by providing both a local and remote avatar location and setting the “Upload Avatar from a URL:” field to reference the target file. Root ...
CVE-2002-1199
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments...
CVE-2002-1270
Mac OS X 10.2.2 is affected by CVE-2002-1270: local users can read files that are intended to be writable only. The root cause is related to the map_fd() Mach system call, enabling reading of restricted files rather than only writing. The vulnerability is local, with low base score (2.1 in NVD) a...
PT-2004-2957 · Isearch · Isearch +1
Name of the Vulnerable Software and Affected Versions: RiSearch version 1.0.01 RiSearch Pro version 3.2.06 Description: The issue allows remote attackers to use the show.pl script as an open proxy or read arbitrary local files by setting the url parameter to a http://, ftp://, or file:// URL...
HP-UX 10.20 - registrar Local Arbitrary File Read
HP-UX 10.20 - registrar Local Arbitrary File Read. Source: https://www.securityfocus.com/bid/1919/info The registrar service that ships with version 10.20 (possibly others) of HP's HP-UX operating system contains a vulnerability that may allow a local user to read any file on the host's filesystem. T...
CVE-1999-0988
UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack...