890 matches found
JVN#20452446 Shopping Basket Pro directory traversal vulnerability
Shopping Basket Pro from CGI RESCUE is shopping cart software. A directory traversal vulnerability exists in Shopping Basket Pro. Impact: A remote attacker could obtain a list of the file and directory names on the server where Shopping Basket Pro is installed. Solution: Update the Software. Apply t...
LoveCMS 1.4 - load Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issu...
JVN#73368472: ServerView directory traversal vulnerability
Impact: A remote attacker could view particular files on the server. Solution: Products Affected: ServerView V2.50 - V3.60L98, ServerView V4.10L11 - V4.11L81...
SAXoPRESS - directory traversal
SAXoPRESS is a content management system, mainly used for news publishing. A vulnerability exists in SAXoPRESS, which allows malicious users to read the contents of files on the server, and possibly execute arbitrary commands. Example exploit:...
ToendaCMS 0.6.1 - admin.php Directory Traversal
source: https://www.securityfocus.com/bid/15348/info toendaCMS is reported prone to a directory traversal vulnerability. It is demonstrated that this issue may be leveraged to disclose the contents of arbitrary web-server readable files. A remote...
Default Novonyx Web Server Files
Novell Netware default Novonyx web server files. A default installation of Novell 5.x will install the Novonyx web server. Numerous web server files included with this installation could reveal system information. OpenVAS Vulnerability Test $Id: novellnovonyxdefaultfiles.nasl 8023 2017-12-07...
PHPix directory traversal vulnerability
The PHPix program allows an attacker to read arbitrary files on the remote web server by prefixing the pathname of the file with ..%2F..%2F.. Example: GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0 will return all the files that are nested within /etc...
RaidenHTTPD 1.1.27 - Remote File Disclosure
source: https://www.securityfocus.com/bid/12451/info RaidenHTTPD is reported prone to a remote file disclosure vulnerability. It is reported that the service does not correctly handle requests for restricted files that reside outside of the web document root folder. A remote attacker may exploit...
ID Software Quake II Server 3.2 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. An attacker may leverage these issues...
LinuxStat 2.x - Directory Traversal
source: https://www.securityfocus.com/bid/11517/info It is reported that LinuxStat is vulnerable to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. By including '../' directory traversal sequences in the affected URI...
Niti Telecom Caravan Business Server 2.00-03D - Directory Traversal
source: https://www.securityfocus.com/bid/9555/info The showcode.asp script activated in Sampleshowcode.html may be vulnerable to a directory traversal issue. A remote attacker may view any files readable by the web server using '../' escape sequences in URI requests...
JBrowser 1.0/2.x - 'browser.php' Directory Traversal
source: https://www.securityfocus.com/bid/9535/info JBrowser has been reported to be vulnerable to a directory traversal vulnerability that may allow a remote attacker to gain access to files readable by the web-server that reside outside of the server root directory. This issue is caused by...
Webfroot Shoutbox 2.32 - URI File Disclosure
source: https://www.securityfocus.com/bid/7737/info Shoutbox is prone to directory traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to URI parameters. An attacker can exploit this vulnerability by...
W-Agora 4.1.6 - modules.php?File Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. An attacker can construct a...
W-Agora 4.1.6 - 'index.php?bn' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/6595/info A file disclosure vulnerability has been reported for W-Agora. It has been reported that W-Agora does not adequately sanitize some user-supplied input. An attacker can construct a URL consisting of dot-dot-slash ../ character sequences to obtain...
EZ Systems HTTPBench 1.1 - Information Disclosure
source: https://www.securityfocus.com/bid/6153/info An information disclosure vulnerability has been reported for httpbench. Reportedly, httpbench may disclose the contents of web server readable files to remote attackers. Information obtained in...
EZ Systems HTTPBench 1.1 - Information Disclosure
source: https://www.securityfocus.com/bid/6153/info An information disclosure vulnerability has been reported for httpbench. Reportedly, httpbench may disclose the contents of web server readable files to remote attackers. Information obtained in this manner may be used to launch further,...
Critical Path InJoin Directory Server 4.0 - File Disclosure
source: https://www.securityfocus.com/bid/4718/info Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory Server is provided for Microsoft Windows operating systems and Unix variants. iCon is the administrative web interface for the...
BSCW symlink vulnerability
BSCW Security Issues. Vulnerability Type: The BSCW software follows symlinks. Effect: malicious user can read every file on system that BSCW UID can read. Software affected: BSCW3.x only on ix systems. Severity: medium risk / high risk. Solution: install...
iXsecurity.20010618.policy_director.a
iXsecurity Security Vulnerability Report No: iXsecurity.20010618.policy_director.a. Vulnerability Summary. Problem: Web Seal Policy director does not handle URLs in hex code correctly. It is...