2857 matches found
Directory traversal
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via 1 a .. dot dot in the settingslocale parameter in infusions/lastseenuserspanel/lastseenuserspanel.php, and 2 a .. dot dot in the localeset parameter in...
CVE-2006-2331
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via 1 a .. dot dot in the settingslocale parameter in infusions/lastseenuserspanel/lastseenuserspanel.php, and 2 a .. dot dot in the localeset parameter in...
CVE-2006-2331
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via 1 a .. dot dot in the settingslocale parameter in infusions/lastseenuserspanel/lastseenuserspanel.php, and 2 a .. dot dot in the localeset parameter in...
GLSA-200604-18 : Mozilla Suite: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200604-18 Mozilla Suite: Multiple vulnerabilities Several vulnerabilities were found in Mozilla Suite. Version 1.7.13 was released to fix them. Impact : A remote attacker could craft malicious web pages or emails that would levera...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description Several vulnerabilities were found in Mozilla Suite. Version 1.7.13 was released to fix them. Impact A remote attacker could craft malicious web pages or emails that would leverage...
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075)
A number of vulnerabilities have been discovered in the Mozilla Firefox browser that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other...
GLSA-200604-12 : Mozilla Firefox: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200604-12 Mozilla Firefox: Multiple vulnerabilities Several vulnerabilities were found in Mozilla Firefox. Versions 1.0.8 and 1.5.0.2 were released to fix them. Impact : A remote attacker could craft malicious web pages that would...
Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078)
A number of vulnerabilities have been discovered in the Mozilla Thunderbird email client that could allow a remote attacker to craft malicious web emails that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, or other...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Several vulnerabilities were found in Mozilla Firefox. Versions 1.0.8 and 1.5.0.2 were released to fix them. Impact A remote attacker could craft malicious web pages that would leverage these issue...
Design/Logic Flaw
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...
CVE-2006-1942
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...
CVE-2006-1942
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...
CVE-2006-1942
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...
CVE-2006-1942
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...
Directory traversal
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hubdir parameter, as demonstrated by including accesslog. NOTE: in some cases, arbitrary remot...
CVE-2006-1819
The CVE-2006-1819 issue affects phpWebSite prior to 0.10.2, where the hub_dir parameter in index.php is not properly validated, enabling local file inclusion via include() and possible PHP code execution. The root cause is inadequate verification of hub_dir, which can allow an attacker to referen...
Directory traversal
Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails...
CVE-2006-1791
Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails...
CVE-2006-1791
Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails...
CVE-2006-1777
Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache errorlog file, which...