5626 matches found

securityvulns
added 2003/02/11 12:0 a.m., 36 views

Microsoft Windows NT cmd.exe buffer overflow

Buffer overflow Windows NT or batch failure Windows 2000 on oversized paths...

4.1 AI score
Exploits 0, References 1
Exploit DB
added 2003/01/06 12:0 a.m., 22 views

E-theni - Remote File Inclusion Command Execution

source: https://www.securityfocus.com/bid/6970/info E-theni may allow inclusion of malicious remote files. This is due to remote users being able to influence the include path of an external file 'paralangue.php' referenced by the 'afflistelangue.php' script. This could result in arbitrary comman...

7.4 AI score
Exploits 0
securityvulns
added 2003/01/03 12:0 a.m., 28 views

N/X (PHP)

Informations : °°°°°°°°°°°°°° Website : http://nxwcms.sourceforge.net/ Version : 2002 PreRelease 1 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° nx/common/cds/menu.inc.php : ----------------------------------------------------------- ... requireonce...

0.5 AI score
Exploits 0
OSV
added 2002/12/18 5:0 a.m., 3 views

DEBIAN-CVE-2002-1344

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences...

5 CVSS, 7 AI score, 0.04249 EPSS
Exploits 0, References 1
securityvulns
added 2002/12/11 12:0 a.m., 32 views

FTP clients directory traversal

Server can put relative or absolute path in filename...

2.9 AI score
Exploits 0, References 2, Affected Software 3
exploitpack
added 2002/11/08 12:0 a.m., 15 views

QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution

QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution source: https://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has bee...

0.1 AI score
Exploits 0
NVD
added 2002/05/06 4:0 a.m., 14 views

CVE-2002-1592

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...

5 CVSS, 6.5 AI score, 0.12458 EPSS
Exploits 0, References 16
Cvelist
added 2002/05/03 4:0 a.m., 22 views

CVE-2001-1282

Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information...

6.3 AI score, 0.02188 EPSS
Exploits 0, References 3
Packet Storm
added 2002/03/20 12:0 a.m., 14 views

IIS Unicode Strings

Some of unicodes ... collected by cd http://bastardo.de/ apache ; /MSADC/root.exe?/c+dir /PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir /PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir /PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir...

7.4 AI score
Exploits 0
CVE
added 2002/03/09 5:0 a.m., 69 views

CVE-2001-0507

CVE-2001-0507 describes a privilege-elevation flaw in IIS 5.0 where local users can gain privileges by abusing relative path resolution to system files used to run in-process Trojan horse files. OpenVAS/NVD entries corroborate an IIS remote/content-exploitation lineage around early MS01-044 era; ...

7.2 CVSS, 6.4 AI score, 0.08846 EPSS
Exploits 0, References 7, Affected Software 1
securityvulns
added 2002/02/28 12:0 a.m., 36 views

Multiple bugs in BPM Studio

Access to special devices, directory traversal...

0.6 AI score
Exploits 0, References 2, Affected Software 1
securityvulns
added 2002/02/08 12:0 a.m., 26 views

AtheOS: escaping from a chroot jail

------- AtheOS ------- AtheOS is a free desktop operating system under the GPL license. AtheOS currently run on Intel, AMD and other compatible processors and support the Intel Multi Processor architecture. AtheOS home page is : http://www.atheos.cx ------- Vulnerability ------- A chroot call is...

7 AI score
Exploits 0
securityvulns
added 2002/01/23 12:0 a.m., 38 views

Directory traversal in Comprehensive Web Programming API

The GetRelativePath method does not validate relative paths...

2.1 AI score
Exploits 0, References 1, Affected Software 1
RedHat Linux
added 2001/09/18 8:22 a.m., 6 views

Important: Red Hat Security Advisory: Updated man package fixing GID security problems.

Updated man packages fixing a local GID man exploit and a potential GID man to root exploit, as well as a problem with the man paths of Red Hat Linux 5.x and 6.x. Users could gain access to the GID man by overrunning a buffer in the ultimate_source function. Users with GID man could get root acces...

7.5 CVSS, 6 AI score, 0.01419 EPSS
Exploits 0, References 11
securityvulns
added 2001/03/05 12:0 a.m., 32 views

Broker Ftp Server 5.0 Vulnerability

Vulnerability: users can break out of their root directory and list directories. Depending on the priv. you have other commands like delete maybe executed outside of the home. directory. e:crap was used as homedir. deleting files in e:crap is enabled Detail: Problem: Again relative paths. dir:...

0.4 AI score
Exploits 0
securityvulns
added 2001/03/01 12:0 a.m., 22 views

Vulnerability in SlimServe FTPd

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in SlimServe FTPd Overview SlimServe FTPd v1.0 is an ftp server available from http://www.whitsoftdev.com and http://www.download.com. A vulnerability exists which allows an attacker to break out of the ftp root using...

0.2 AI score
Exploits 0
securityvulns
added 2001/02/16 12:0 a.m., 28 views

Vulnerability in Resin Webserver

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in Resin Webserver Overview Resin 1.2.2 is a webserver available from http://www.caucho.com and http://java.tucows.com. A vulnerability exists which allows a remote user to break out of the web root using relative path...

0.2 AI score
Exploits 0
securityvulns
added 2001/02/06 12:0 a.m., 27 views

Vulnerability in Picserver

Vulnerability in Picserver Overview Picserver is a specialized webserver available from http://www.informs.com and http://www.zdnet.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths ie: '..', '...'. Details http://localhost:7000/../file outsi...

1.1 AI score
Exploits 0
securityvulns
added 2000/12/07 12:0 a.m., 44 views

Hole in Apache + PHP3 on Windows

Directory traversal problem when special characters are used...

1.7 AI score
Exploits 0, References 1, Affected Software 1
exploitpack
added 2000/10/07 12:0 a.m., 48 views

Hassan Consulting Shopping Cart 1.18 - Directory Traversal

Hassan Consulting Shopping Cart 1.18 - Directory Traversal source: https://www.securityfocus.com/bid/1777/info The $page variable in Hassan Consulting Shopping Cart does not properly check for insecure relative paths such as the double dot "..". Therefore, requesting the following URL will displa...

0.2 AI score
Exploits 0