3282 matches found
alex heiphetz Group eZshopper 2.03.0 - Directory Traversal
alex heiphetz Group eZshopper 2.03.0 - Directory Traversal source: https://www.securityfocus.com/bid/2109/info It is possible for a remote user to gain read access to various files that reside within the EZShopper directory. By requesting a specially crafted URL utilizing loadpage.cgi' applicatio...
Apache 1.3 + PHP 3 - File Disclosure
source: https://www.securityfocus.com/bid/2060/info Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language. By requesting a specially crafted URL by way of php, it is possible for a remote user to gain read access to a known fil...
Inktomi Search Software 3.0 - Source Disclosure
Inktomi Search Software 3.0 - Source Disclosure source: https://www.securityfocus.com/bid/2061/info A vulnerability exists in version 3.0 of Ultrseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form:...
Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal
source: https://www.securityfocus.com/bid/2052/info FTP Serv-U is an internet FTP server from CatSoft. Authenticated users can gain access to the ftproot of the drive where Serv-U FTP has been installed. Users that have read, write, execute and list access in the home directory will have the same...
anaconda Foundation 1.4 1.9 - Directory Traversal
anaconda Foundation 1.4 1.9 - Directory Traversal source: https://www.securityfocus.com/bid/2338/info A vulnerability exists in Anaconda Foundation Directory which allows a remote user to traverse the filesystem of a target computer. This may lead to the disclosure of file and directory contents...
anaconda Foundation 1.4 < 1.9 - Directory Traversal
source: https://www.securityfocus.com/bid/2338/info A vulnerability exists in Anaconda Foundation Directory which allows a remote user to traverse the filesystem of a target computer. This may lead to the disclosure of file and directory contents. Arbitrary files can be accessed through the use o...
SLA-16.MasterIndex.txt
Synnergy Laboratories Advisory SLA-2000-16 NAME Master Index directory traversal vulnerability AFFECTED Linux/UNIX with Master Index SYNOPSIS Synnergy Labs has found a flaw within Master Index that allows a user to successfully traverse the filesystem on a remote host, allowing arbitary...
SmartWin CyberOffice Shopping Cart 2.0 - Client Information Disclosure
source: https://www.securityfocus.com/bid/1734/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. It is possible for a remote user to gain read access to the private directory on a website running...
nathan purciful phpphotoalbum 0.9.9 - Directory Traversal
source: https://www.securityfocus.com/bid/1650/info The explorer.php script within phpPhotoAlbum 0.9.9 and possibly previous versions are vulnerable to directory traversal. By requesting a URL composed of explorer.php and the ../ string in the value of the "folder" variable it is possible for a...
GWScripts News Publisher 1.0 - author.file Write
GWScripts News Publisher 1.0 - author.file Write source: https://www.securityfocus.com/bid/1621/info It is possible for a remote user to add an author to the author index author.file in GWScripts News Publisher, a web news publisher. This can be done by requesting the following raw HTTP request...
GWScripts News Publisher 1.0 - 'author.file' Write
source: https://www.securityfocus.com/bid/1621/info It is possible for a remote user to add an author to the author index author.file in GWScripts News Publisher, a web news publisher. This can be done by requesting the following raw HTTP request using any arbitrary username and password: POST...
Subscribe Me Vulnerability
Product: Subscribe Me Versions: ALL version numbers LITE only OS: Unix and Winnt Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: Yet again the script allows a remote user to overwrite the Admin Passwd file with any password they see fit. Therefore giving them Admin access to the...
Account Manager CGI Vulnerability
Product: Account Manager Versions: ALL including LITE and PRO haven't been able to test ENTERPRISE OS: Unix and Winnt Vendor: Notified, http://www.cgiscriptcenter.com/ The Problem: The Script allows any remote user access to the Administration Control Panel through overwriting the Admin Password...
CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (1)
CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration 1 source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full...
CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (2)
CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration 2 source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full...
CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration (2)
CGI Script Center Account Manager 1.0 LITE PRO - Administrative Password Alteration 2 source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a...
CGI Script Center Subscribe Me Lite 2.0 - Administrative Password Alteration (2)
source: https://www.securityfocus.com/bid/1607/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing...
CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (2)
source: https://www.securityfocus.com/bid/1604/info Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Account Manager. In order to accomplish this, a user would access the following URL with a POST command:...
netwin netauth 4.2 - Directory Traversal
netwin netauth 4.2 - Directory Traversal source: https://www.securityfocus.com/bid/1587/info A remote user is capable of gaining read access to any known file residing on a host running Netwin Netauth through directory traversal. Appending a series of '../' and the desired file name to the 'page'...
Conectiva 4.x5.x RedHat 6.x - pam_console Remote User
Conectiva 4.x5.x RedHat 6.x - pamconsole Remote User source: https://www.securityfocus.com/bid/1513/info There is a vulnerability in the Linux pamconsole module that could allow an attacker to remotely reboot the workstation or perform other actions limited to local users. If a workstation is...