649 matches found
PT-2005-4687 · Php · Php Upload Center
Name of the Vulnerable Software and Affected Versions: PHP Upload Center (affected versions not specified). Description: A directory traversal issue exists in index.php, allowing remote attackers to read arbitrary files by including "../" sequences in the filename parameter of the vulnerable API...
CVE-2004-2594
CVE-2004-2594 affects the Quake II server on Windows prior to R1Q2. The vulnerability is an absolute path traversal in the server’s file access, allowing a remote attacker to read arbitrary files by including a "/" sequence in a pathname (example: download /server.cfg). The CVSS data indicates ne...
CVE-2004-2478
The CVE-2004-2478 entry concerns Jetty HTTP Server in affected products (IBM Trading Partner Interchange < 4.2.4; CA Unicenter Web Services Distributed Management
CVE-2002-2033
The FAQManager CGI script (faqmanager.cgi) is affected by CVE-2002-2033. The vulnerability occurs in version 2.2.5 and earlier, where an attacker can read arbitrary files on the web server by supplying a filename in the toc parameter with a trailing null character (%00). This is a web-applicati...
CVE-2000-1231
code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string...
CVE-2002-1684
Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents...
CVE-2005-1898
The passthrough functionality in phpThumb.php in phpThumb before 1.5.4 allows remote attackers to read files that are not images...
CVE-2004-2105
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter...
CVE-2005-1408
Apple Keynote 2.0/2.0.1 is affected by CVE-2005-1408 due to a flaw in the keynote: URI handler that can be triggered by a crafted Keynote presentation. The vulnerability allows remote attackers to read arbitrary files on the local system. The related Nessus NASL entry confirms the issue exists in...
security flaw
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function...
CVE-2005-1295
Technical details (affected products, precise root cause, affected versions, and exploitability) are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2005-0864
The CVE-2005-0864 entry concerns the Boa web server, used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products. The vulnerability allows remote attackers to read arbitrary files by supplying a full path in the HTTP request (path traversal). Reported impact is partial breach of confident...
LimeWire 4.1.2 4.5.6 - GET Remote File Read
#!/usr/bin/perl Limewire 4.1.2 - 4.5.6 remote and fucking lame exploit written by lammat http://grpower.ath.cx [email protected] Discovered by Kevin Walsh use IO::Socket; $host = @ARGV0; $file = @ARGV1; unless @ARGV == 2 print "usage: $0 host file\n"; pri...
LimeWire 4.1.2 < 4.5.6 - 'GET' Remote File Read
#!/usr/bin/perl Limewire 4.1.2 - 4.5.6 remote and fucking lame exploit written by lammat http://grpower.ath.cx [email protected] Discovered by Kevin Walsh use IO::Socket; $host = @ARGV0; $file = @ARGV1; unless @ARGV == 2 print "usage: $0 host file\n"; print "E.g: $0 10.0.0.2 /etc/passwd\n"; exit @r...
CVE-2005-0520
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut .LNK files in the SITE COPY command, a different vulnerability than CVE-2005-0519...
security flaw
Directory traversal vulnerability in the truepath function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences...
CVE-2004-1392
CVE-2004-1392 affects PHP 4.0 with the curl extension: remote attacker can bypass open_basedir and read arbitrary files via a file:// URL argument to curl_init. Public advisories RHSA-2005:405/406 (CentOS/Red Hat) describe updated PHP packages that fix this issue (curl_safe-file lookup; can impac...
CVE-2005-0313
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete...
CVE-2004-0122
CVE-2004-0122 is described as affecting Microsoft MSN Messenger 6.0 and 6.1, allowing remote attackers to read arbitrary files via improper handling of certain requests. Connected advisories for pidgin/libpurple reference a related directory-traversal issue in the MSN protocol plugin (slp.c) that...
CVE-2002-1252
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler...