649 matches found
CVE-2009-4321
Zen Cart CVE-2009-4321 affects extras/curltest.php in Zen Cart 1.3.8/1.3.8a (and possibly other versions), allowing remote attackers to read arbitrary local files via a file:// URI. The root cause cited is insufficient sanitization of user-supplied data, enabling information disclosure through th...
PT-2009-6124 · Cherokee · Cherokee Web Server
Name of the Vulnerable Software and Affected Versions: Cherokee Web Server versions 0.5.4 and earlier. Description: A directory traversal issue allows remote attackers to read arbitrary files by including a "/\.." (slash backslash dot dot) in the URL. Recommendations: For Cherokee Web Server versions...
PT-2009-5987 · VMware · VMware ESXi +1
Name of the Vulnerable Software and Affected Versions: VMware Server versions 1.x through 1.0.9 and 2.x through 2.0.1; VMware ESXi version 3.5; VMware ESX versions 3.0.3 and 3.5. Description: A directory traversal issue allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2009-1479
CVE-2009-1479 affects Boxalino (closed-source) and its HTTP handling of the path in client/desktop/default.htm. A directory traversal vulnerability exists where an attacker can craft a URL containing sequences like ../../.. to read arbitrary files outside the intended directory, leveraging web se...
PT-2009-5272 · Pixaria · Pixaria Gallery
Name of the Vulnerable Software and Affected Versions: Pixaria Gallery versions 2.0.0 through 2.3.5. Description: The issue allows remote attackers to read arbitrary files via a base64-encoded file parameter in the pixaria.image.php file. Recommendations: For Pixaria Gallery versions 2.0.0 through...
CVE-2008-6960
The CVE-2008-6960 entry concerns X10media’s x10 Automatic Mp3 Search Engine Script (versions 1.5.5–1.6). According to the description, the vulnerability is in download.php, where an encoded url parameter allows remote attackers to read arbitrary files, demonstrated by retrieving database credenti...
CVE-2009-2222
Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail...
CVE-2009-2046
The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr9649...
CVE-2009-2183
Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter...
CVE-2009-2166
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter...
DEBIAN-CVE-2009-0842
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink...
CVE-2009-0842
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink...
Directory traversal
Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter...
CVE-2009-0240
CVE-2009-0240 affects WebSVN 2.0 (and possibly 1.7 beta). listing.php can expose restricted project changelogs/diffs when using an SVN authz file, via a manipulated repname parameter. Root cause is improper access control in listing.php. Impact: remote authenticated users can read restricted cont...
TeamSpeak <= 2.0.23.17 Remote File Disclosure Vulnerability
No description provided by source. <?php // teamspeak server <= 2.0.23.17 remote read file vulnerability // bug found and exploit write by c411k // http://www.heise-online.co.uk/security/Vulnerability-in-TeamSpeak-2-server--/news/93734 zazhali ploent svolo4i!! // tested on win ts2serverrc2202317,...
KLA10285 RLF vulnerability in Orb
A directory traversal vulnerability was found in Orb. By exploiting this vulnerability, malicious users can read arbitrary files. This vulnerability can be exploited remotely via a specially designed GET request. Original advisories: -. Related products: Orb. CVE list: CVE-2008-5645 (high). Solution: Updat...
Directory traversal
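Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter...
Allaire Forums GetFile.cfm Remote Arbitrary File Read Vulnerability
BugCVE: CVE-1999-0800 BUGTRAQ: 229 Allaire Forums is a forum product from Allaire that runs in the ColdFusion environment. A file in Allaire Forums 2.0.4 and earlier has a security problem that remote intruders can use to obtain arbitrary files on the server. The file "GetFile.cfm" is usually located in the root directory of the web application. Because of a problem in this line of code: CFCONTENT TYPE= FT/FST FILE= FilePath arbitrary files on the server can be obtained when an absolute path is specified, simply by sending a request like the following:...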
resource: traversal vulnerability
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI...