2081 matches found
Oracle Application Server 9i Webcache - Arbitrary File Corruption
source: https://www.securityfocus.com/bid/13420/info Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability. The issue exists becaue dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an...
CVE-2004-1223
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters...
CVE-2004-0342
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service crash via a 1 MKD or 2 XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one err...
DEBIAN-CVE-2004-0180
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...
CVS directory traversal
Server can send absolute path to client...
CVE-2003-1463
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to 1 determine the installation path by reading the contents of the Name parameter in a link, and 2 read arbitrary files via an absolute path in the Name...
TCLhttpd 3.4.2 - Directory Listing Disclosure
source: https://www.securityfocus.com/bid/8687/info It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is...
Microsoft Internet Explorer - Object Tag (MS03-020)
!/usr/bin/perl Proof of concept exploit on IE 5.x - 6.x by Alumni IE-Object longtype dynamic call oferflow url:// the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near '&CLSID=AAA...2F2F...'. To exploit: i start server perl script; ii...
Multiple bonsai bugs
Remote execution of arbitrary commands as www-data, absolute path disclosure, cross site scriptiong attacks, unauthenticated access to parameters page...
CVE-2002-0446
categorie.php3 in Black Tie Project BTP 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID cid parameter, which leaks the pathname in an error message...
CVE-2002-0524
The CVE-2002-0524 entry affects ASP-Nuke RC2 and earlier . The vulnerability arises from error messages that disclose the server’s absolute path when attackers trigger two conditions: (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments. This results...
CVE-2002-0524
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by 1 calling database-inc.asp with incorrect cookies, or 2 calling Post.asp with certain arguments, which leak the pathname in an error message...
CVE-2001-1023
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header...
Обратный путь в директориях и абсолютные пути в nudester (directory traversal, absolute path)
No description provided...
Jakarta Tomcat 3.x/4.0 - Error Message Information Disclosure
source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks...
Jakarta Tomcat 3.x4.0 - Error Message Information Disclosure
Jakarta Tomcat 3.x4.0 - Error Message Information Disclosure source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of th...
Дырки в BestCrypt (non-absolute path, buffer overflow)
При вызове внешнего приложения с повышенными привилегиями используется не абсолютный путь, Кроме того имеются переполнения буфера...
CVE-2000-1240
Unspecified vulnerability in siteman.php3 in AnyPortalphp before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
Дырка в htgrep
Используя абсолютный путь можно получить доступ к любому файлу...
CVE-1999-0882
The Falcon web server is affected by CVE-1999-0882: remote attackers can determine the absolute path of the web root by exploiting long file names, revealing an information disclosure issue in path handling. Affected product: Falcon web server (exact versions not specified in the provided documen...