2184 matches found
Unspecified Local File Inclusion Vulnerability in Movable Type
Movable Type is a web-based weblog system. Movable Type suffers from an unspecified local file inclusion vulnerability that allows an attacker to view the contents of system files with web privileges...
Pigz directory traversal vulnerability
pigz is a compression processing tool. A directory traversal vulnerability exists in pigz that allows remote attackers to construct malicious files and trick users into parsing them, which can overwrite system directory files...
GNU patch directory traversal vulnerability
The GNU Coreutils are the basic file, shell and text manipulation tools used by the GNU operating system. GNU patch suffers from a directory traversal vulnerability due to the program failing to properly handle file input. This allows an attacker to conduct a directory traversal attack to overwri...
miniunzip 'minizip.c' Directory Traversal Vulnerability
miniunzip is a decompression program. A directory traversal vulnerability exists in miniunzip 'minizip.c' when processing compressed files, allowing an attacker to exploit the vulnerability to overwrite system files...
SysAid Server - Arbitrary File Disclosure
Vantage Point Security Advisory 2014-004 ======================================== Title: SysAid Server Arbitrary File Disclosure ID: VP-2014-004 Vendor: SysAid Affected Product: SysAid On-Premise Affected Versions: Summary: --- SysAid Server is vulnerable to an unauthenticated file disclosure...
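ECStore open-source online shop system arbitrary file read vulnerability
Brief description: The back-end template editing feature allows unauthorized viewing of system files. Details: The file parameter is not filtered for ../, which allows files to be read across directories. Test URL: http://shop.xxx.com/index.php/shopadmin/index.php?app=site&ctl=adminthemewidget&act=preview&theme=ecstore&file=../../../../../etc/passwd Proof of vulnerability:...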
ManageEngine OpUtils ConfigSaveServlet saveFile Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine OpUtils. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ConfigSaveServlet servlet. The issue lies in the failure to properly...
Dell EqualLogic Storage - Directory Traversal
No description provided by source. Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage Date: 09/2013 Exploit Author: Mauricio Pampim Corrêa Vendor Homepage: www.dell.com Version: 6.0 Tested on: Equipment Model Dell EqualLogic PS4000 CVE : CVE-2013-3304 The malicious...
F5 BIG-IP 10.1.0 - Directory Traversal
F5 BIG-IP 10.1.0 - Directory Traversal Vulnerability. Affected Product : F5 BIG-IP Vendor Homepage : http://www.f5.com/ Version : 10.1.0...
Enalean Tuleap 7.2 - XML External Entity File Disclosure
Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...
Windows System Files Information Disclosure
Windows operating systems contain system files with sensitive information. If not properly configured, remote attackers can view the information on such files...
Internet Bug Bounty: external entity expansion in Apache POI
Hi, I found and reported XXE in greenhouse.io, and it turns out it is XXE in Apache POI: this vulnerability allows me to read system files and do other dangerous stuff. They reported it to Apache POI and they fixed it:...
PlatinumFTPServer 1.0.6 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6492/info It has been reported that PlatinumFTPserver fails to properly sanitize some FTP commands. By sending a malicious request to the vulnerable server, using directory traversal sequences, it is possible for a remote...
Phorum 3.0.7 auth.php3 Backdoor Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2274/info Phorum is a freely available, open source, popular WWW Board written by Brian Moon. It is designed to enhance the services offered on a web page, allow users to interact with one another through bulletin board...
KDE KTVision 0.1 File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2913/info KTVision works with frame-grabber cards and KDE Unix K Desktop Environment to support TV video display on the PC screen. KTVision is vulnerable to symbolic link attacks. It is possible for an attacker to...
Sun Solaris 2.5/2.6/7.0/8/9 AT Command Arbitrary File Deletion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6692//info The at utility shipped with Sun Solaris may be prone to an issue which may allow attackers to delete arbitrary files on the system. The vulnerability occurs when using at with the '-r' option. This option is us...
Fool's Workshop Owl's Workshop 1.0 resultsignore.php Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
QNAP Turbo NAS TS-1279U-RP Multiple Path Injection
No description provided by source. Exploit Title: QNAP Turbo NAS Multiple Path Injection Date: 2012-09-04 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.qnap.com/ Version: = 3.7.3 build 20120801 Tested on: QNAP TS-1279U-RP This vulnerability has been discovered on QNAP TS-1279U-RP, bu...
xinkaa web station 1.0.3 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12606/info A vulnerability has been identified in the handling of certain types of requests by Xinkaa WEB Station. Because of this, it is possible for an attacker to gain access to potentially sensitive system files. Read...
ARCservIT 6.61/6.63 Client asagent.tmp Arbitrary File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2741/info ARCservIT from Computer Associates contains a vulnerability which may allow malicious local users to overwrite arbitrary files. When it runs for the first time, 'asagent', opens and truncates it if it exists a...