676 matches found
CVE-2001-0626
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character...
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure
1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2902/info 1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of...
Дырка в clean-tmps в FreeBSD
Можно удалить любые файлы в корневом каталоге...
4.3 Security: local DoS via clean-tmps
Tested in 4.3-RELEASE only: If /etc/periodic/daily/clean-tmps is enabled, then it's possible for any local user to trick it into calling unlink or rmdir on anything in the root directory. The problem is that "find -delete" can be made to do chdir".." multiple times followed by unlink and/or rmdir...
CVE-2001-0749
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root...
Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability
Faststram FTP built in server responds with the real path of directory instead of a virtual one.It is possible to get files outside of root.dir. e:crap was used as root directory 1. directory path 230 User anonymous logged in. ftp pwd 257 "/E:/crap/" is current directory. 2. getting files from...
Brightstation Muscat 1.0 - Full Path Disclosure
Brightstation Muscat 1.0 - Full Path Disclosure source: https://www.securityfocus.com/bid/2374/info Making an invalid request to a machine running Brightstation Muscat, will disclose the physical path to the root directory. http://target/cgi-bin/empower?DB=UkRteamHole...
Brightstation Muscat 1.0 - Full Path Disclosure
source: https://www.securityfocus.com/bid/2374/info Making an invalid request to a machine running Brightstation Muscat, will disclose the physical path to the root directory. http://target/cgi-bin/empower?DB=UkRteamHole http://target/cgi-bin/empower?DB=UkRteamHole...
ManTrap 1.6.1 - Root Directory Inode Disclosure
/ source: https://www.securityfocus.com/bid/1909/info ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an attacker who gains access to it. Chroot...
Armada Design Master Index 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/1772/info Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' .../ of the web root directory and view/download any file which...
IBM HTTP SERVER / APACHE
I haven't seen any advisories for IBM HTTP SERVER running Apache. There is a crucial number of "/" forward slash you can use to retrieve the contents of the root directory of this particular Web Server. Using this vulnerability, you can retrieve any files or scripts running from that directory an...
SuSE Linux 6.x - Arbitrary File Deletion
source: https://www.securityfocus.com/bid/1130/info A vulnerability exists in SuSE Linux, version 6.3 and prior, that can allow arbitrary users to delete any file on the system. If the MAXDAYSINTMP variable is set in /etc/rc.config to be larger than 0, any local user can remove any file on the...
Anonymous FTP Writable root Directory
It is possible to write on the root directory of the remote anonymous FTP server. This allows an attacker to upload arbitrary files which can be used in other attacks, or to turn the FTP server into a software distribution point. TRUSTED...
Netscape FastTrack Server 3.0.1 - Fasttrack Root Directory Listing
source: https://www.securityfocus.com/bid/481/info Netscape's Fasttrack server is supposed to display a directory listing if the follwing three conditions are met: 1: Directory listing is enabled 2: No filename is specified in the requested URL 3: There is no index file in that directory defaults...
Microsoft IIS (Windows NT 4.0SP1SP2SP3SP4SP5) - .IDC Path Mapping
Microsoft IIS Windows NT 4.0SP1SP2SP3SP4SP5 - .IDC Path Mapping source: https://www.securityfocus.com/bid/299/info The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lis...
PT-1999-1187 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The NFS exports system-critical data to the world, including sensitive directories like the root directory / or a password file. Recommendations: At the moment, there is no information...