649 matches found
CVE-2007-1392
Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter...
DEBIAN-CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter the...
PT-2007-1411 · Php · Upload Tool For Php
Name of the Vulnerable Software and Affected Versions: Upload Tool for PHP version 1.0 Description: The issue allows remote attackers to read arbitrary files via directory traversal attacks using ".." sequences or absolute pathnames in the filename parameter of the /upload/bin/download.php API...
CVE-2007-1149
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI...
CVE-2007-1199
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with , a different issue than CVE-2007-0045...
PT-2007-2118 · Gentoo · Thttpd +1
Name of the Vulnerable Software and Affected Versions: thttpd versions prior to 2.25b-r6 Description: The issue allows remote attackers to read arbitrary files because thttpd is started from the system root directory / by the Gentoo baselayout 1.12.6 package. Recommendations: For versions prior t...
Design/Logic Flaw
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files...
CVE-2006-5858
CVE-2006-5858 affects Adobe ColdFusion MX 7–7.0.2 and JRun 4 when run on Microsoft IIS. The vulnerability allows remote attackers to read arbitrary files, list directories, or read source code by sending a double URL-encoded NULL byte in a ColdFusion filename (e.g., a .cfm file). This is a server...
PT-2006-5772 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions prior to 1.1.8.3544 Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with %00 and a .js filename. This is a directory traversal...
CVE-2006-4684
CVE-2006-4684 details (Zope/Zope2, docutils integration): Affects Zope 2.7.0–2.7.9 and 2.8.0–2.8.8. The vulnerability stems from improper handling of reStructuredText (reST) in web pages, allowing a remote attacker to read arbitrary files via a csv_table directive. CVSSv2 base metrics reported: A...
security flaw
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...
CVE-2006-3392
CVE-2006-3392 affects Webmin (pre-1.290) and Usermin (pre-1.220). The issue arises when the server’s miniserv.pl sanitization path uses the simplify_path function before HTML decoding, allowing a remote attacker to read arbitrary files via specially crafted URLs (e.g., using ..%01 sequences that b...
CVE-2006-2317
Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject...
DEBIAN-CVE-2006-2082
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the serve...
CVE-2006-1729
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the...
CVE-2006-0484
Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p...
CVE-2006-0434
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files...
Directory traversal
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files...
CVE-2005-3947
CVE-2005-3947 affects PHP Upload Center. A vulnerability in index.php allows directory traversal through the filename parameter (using ../), enabling an attacker to read arbitrary files on the server with the web server’s privileges. Technical details across sources confirm the vulnerable compone...