2871 matches found
Directory traversal
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter...
security flaw
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...
CVE-2007-0836
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is...
security flaw
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...
Mozilla Firefox weak PRNG generator
A weak PRNG is used to generate temporary file names for XMLHttpRequest. It may be used to access the content of local files by creating a temporary HTML file with a predictable name...
Directory traversal
Directory traversal vulnerability in zdnumer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...
CVE-2007-0637
Directory traversal vulnerability in zdnumer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...
security flaw
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...
CVE-2007-0349
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter...
Directory traversal
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter...
Directory traversal
Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a fi...
CVE-2007-0335
CVE-2007-0335 affects Jax Petition Book 1.0.3.06. Affected component: languagepack handling in jax_petitionbook.php and smileys.php. Root cause: directory traversal via a .. in the languagepack parameter enables inclusion of arbitrary local files. Impact: remote attackers can include and execute ...
KLA10293 Multiple vulnerabilities in PentaWare
Multiple serious vulnerabilities have been found in PentaWare. Malicious users can exploit these vulnerabilities to cause denial of service or extract files to an arbitrary directory. Below is a complete list of vulnerabilities: 1. Unknown vectors can be exploited remotely via a specially designed...
Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
Overview: Web browsers running the Apple QuickTime plugin may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description: Web browser plugins that allow remote web sites to reference...
Directory traversal
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP...
Directory traversal
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log fil...
CVE-2006-6731
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...
Links: Arbitrary Samba command execution
Background: Links is a web browser running in both graphics and text modes. Description: Teemu Salmela discovered that Links does not properly validate "smb://" URLs when it runs smbclient commands. Impact: A remote attacker could entice a user to browse to a specially crafted "smb://" URL and execu...
CVE-2006-6465
WikyBlog v1.3.2 and earlier exposes a directory traversal risk in WBmap.php via the l parameter. The vulnerability is described as allowing remote inclusion/execution of local files, with the note that the l parameter is validated by ctype_alpha before use, which CVE disputes. Affected software i...