483 matches found
CVE-2013-0080
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."...
JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
CVE-2011-5127
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request...
jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
PHP-NUKE Remote read config Vulnerability
Exploit for php platform in category web applications Exploit Title:PHP-NUKE remote read config Vulnerability Date: 6/6/2011 Author: Angel Injection home Page: http://www.club-h.co.cc Email: Angel-Injectionathotmail.com Vendor or Software Link:http://phpnuke.org Version: n/a Category:: webapps...
CVE-2011-1647
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified...
CVE-2011-1673
BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file...
Kleeja Upload Script remote read config Vulnerability
Exploit for php platform in category web applications ===================================================== Kleeja Upload Script remote read config Vulnerability ===================================================== + Author : ali.erroor Contact : email protected HomePage :...
libpng: Interlaced Images Information Disclosure Vulnerability
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in t...
UBUNTU-CVE-2009-2166
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter...
tomcat Unicode directory traversal vulnerability
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...
DEBIAN-CVE-2008-1270
moduserdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the nobody directory...
chrome: directory traversal
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing sessio...
security flaw
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
webMethods Security Advisory: Glue console directory traversal vu lnerability
======================================================================== webMethods Security Advisory Glue console directory traversal vulnerability Announced: 2007-04-17 Affects: webMethods Glue 4.x, 5.x, 6.x Severity: High I. Description On April 11 2007, Patrick Webster reported a vulnerabilit...
CVE-2007-2036
The SNMP implementation in the Cisco Wireless LAN Controller WLC before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384...
PT-2005-3723 · Microsoft +1 · Windows +3
Name of the Vulnerable Software and Affected Versions: Rediff Bol version 7.0 Description: The issue allows remote attackers to read the Windows Address Book. This is achieved via the FullAddressBook method of the Fetch.FetchContact.1 ActiveX control, which is part of the Fetch.dll component...
security flaw
The findreplen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method...
security flaw
The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...