2852 matches found
JVN#15972537 Fujitsu Java Runtime Environment reflection API vulnerability
Impact: If a user downloads and executes a specially crafted applet, a remote attacker could access local files with elevated privileges or execute arbitrary code with the privileges of the user running the applet. Solution: Products Affected: For more information, refer to the vendor's website...
CVE-2005-4086
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter...
CVE-2005-3936
PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the f parameter...
CVE-2005-3910
merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability...
[SA17748] Sun Java JRE Sandbox Security Bypass Vulnerabilities
TITLE: Sun Java JRE Sandbox Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA17748 VERIFY ADVISORY: http://secunia.com/advisories/17748/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Sun Java SDK 1.4.x http://secunia.com/product/1661/ Sun Java SDK 1.3.x...
CVE-2005-3680
The CVE-2005-3680 entry concerns XOOPS 2.2.3. It describes a directory traversal/Local File Inclusion in editor_registry.php, exploitable via a .. in the xoopsConfig[language] parameter, allowing remote attackers to read or include arbitrary local files. The affected component is XOOPS 2.2.3 (edi...
CVE-2005-3579
ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the query string...
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)
The remote installation of XOOPS fails to sanitize user-supplied input to the 'xoopsConfig[language]' parameter of several xoopseditor scripts before using it in PHP 'include' functions. An unauthenticated attacker may be able to leverage these issues to read arbitrary local files and even execute...
CVE-2005-3519
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDEPATH and (2) SQUIZLIBPATH parameters in newupgradefunctions.php, (3) the INCLUDEPATH parameter in initmysource.php, and the PEARPATH...
XML Core Services patch (Q318203)
XMLHTTP Control Can Allow Access to Local Files. A flaw exists in how the XMLHTTP control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. A vulnerability results because an attacker could seek to exploit this flaw and speci...
IE VBScript Handling patch (Q318089)
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files.
CVE-2005-3299
PHP file inclusion vulnerability in grabglobals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $redirect parameter, possibly involving the subform array...
CVE-2005-2607
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") character...
EMC Navisphere Manager 6.x - Directory Traversal Information Disclosure
EMC Navisphere Manager 6.x - Directory Traversal Information Disclosure source: https://www.securityfocus.com/bid/14487/info EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly...
Comdev eCommerce 3.0 - WCE.download.php Directory Traversal
Comdev eCommerce 3.0 - WCE.download.php Directory Traversal source: https://www.securityfocus.com/bid/14479/info Comdev eCommerce is prone to a directory traversal vulnerability. A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal...
EMC Navisphere Manager 6.x - Directory Traversal / Information Disclosure
source: https://www.securityfocus.com/bid/14487/info EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A remote unauthorized user can disclose the...
Comdev eCommerce 3.0 - 'WCE.download.php' Directory Traversal
source: https://www.securityfocus.com/bid/14479/info Comdev eCommerce is prone to a directory traversal vulnerability. A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../' relative to the Web application's root path...