2184 matches found
e-Vision CMS <= 2.0.2 - Multiple Local File Inclusion Exploit
No description provided by source. <?php error_reporting(0); ini_set('default_socket_timeout', 5); /* e-Vision <= 2.0.2 Multiple Local File Inclusion Exploit - by athos - download http://sourceforge.net ...
University of Washington Pico 3.x/4.x File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2097/info A vulnerability exists in several versions of University of Washington's Pico, a widely-distributed text editor shipped with most versions of Linux / Unix. Under very specific circumstances, it is possible to...
RobTex Viking Server 1.0.7 Relative Path Webroot Escaping Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2643/info The Viking Server is a freely available software package maintained and distributed by Robtex. The Viking Server provides multiple protocol service on Windows 95, 98, and NT systems. A problem in the software...
GTK+ 1.2.8 Arbitrary Loadable Module Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The problem occurs in the...
Sitebuilder 1.4 'sitebuilder.cgi' Directory Traversal File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse user-suppli...
IBM Director < 5.10 (Redirect.bat) Directory Transversal Vulnerability
No description provided by source. There is a vulnerability within the Redirect.bat file on an IBM Director CGI which allows a directory transversal to take place, which in turn exposes most files on the system to be read without authorization...
Adobe ColdFusion <=8.0 - Directory Traversal Vulnerability (CVE-2010-2861)
Adobe ColdFusion <=8.0 http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en (replace "server" with the target site). Update: 2017-04-28 This blog was written by Scott White, Senior Principal Security Consultant, Web Application Team Lead – TrustedSec TL;D...
Fool's Workshop Owl's Workshop 1.0 glossaries/index.php file Parameter Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
MTools 3.9.x MFormat Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9746/info It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the...
Drummond Miles A1Stats 1.0 a1disp2.cgi Traversal Arbitrary File Read
No description provided by source. source: http://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummond Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as querystrings to the A1Stats script. An...
TFTPD32 2.50 Arbitrary File Download/Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6198/info A vulnerability has been discovered in Tftpd32 which allows a remote attacker to download and upload arbitrary system files. The ability to upload system files may allow an attacker to replace key system files...
SuSE 6.x/7.0 MkDir Error Handling rctab Race Condition Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/2207/info rctab is the Run Control Tab script included with the SuSE distribution of the Linux Operating System. SuSE is a freely available, Open Source Operating system maintained by SuSE Incorporated. A race condition i...
ShopCartCGI 2.3 gotopage.cgi Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9670/info It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input. Upon successful exploitation of this issue an attack...
Fool's Workshop Owl's Workshop 1.0 multiplechoice/index.php Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
Fool's Workshop Owl's Workshop 1.0 readings/index.php Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
Fool's Workshop Owl's Workshop 1.0 glossary.php Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
Fool's Workshop Owl's Workshop 1.0 newmultiplechoice.php Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these...
Lotus Domino Server 5.0.x Directory Traversal Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2173/info It is possible for a remote user to gain access to any known file residing on the Lotus Domino Server 5.0.6 and previous. A specially crafted HTTP request comprised of '.nsf' and '../' along with the known...
Sun StarOffice 5.1 Arbitrary File Read Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1040/info StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request is sent to a...
Alt-N WebAdmin 2.0.x Remote File Viewing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7438/info Alt-N WebAdmin allows a remote user to access files that they should not be able to access. The remote user can submit an HTTP request that will return the contents of any webserver-readable file on the system...