Lucene search
+L

2081 matches found

exploitdb
exploitdb
added 2005/04/28 12:0 a.m.23 views

Oracle Application Server 9i Webcache - Arbitrary File Corruption

source: https://www.securityfocus.com/bid/13420/info Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability. The issue exists becaue dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an...

7.4AI score
Exploits0
cvelist
cvelist
added 2004/12/15 5:0 a.m.18 views

CVE-2004-1223

The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters...

6.9AI score0.0294EPSS
Exploits1References4
nvd
nvd
added 2004/11/23 5:0 a.m.12 views

CVE-2004-0342

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service crash via a 1 MKD or 2 XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one err...

5.5CVSS5.6AI score0.00445EPSS
Exploits1References5
osv
osv
added 2004/06/01 4:0 a.m.3 views

DEBIAN-CVE-2004-0180

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...

2.6CVSS6.9AI score0.01832EPSS
Exploits0References1
securityvulns
securityvulns
added 2004/04/15 12:0 a.m.35 views

CVS directory traversal

Server can send absolute path to client...

3.3AI score
Exploits0References1Affected Software1
nvd
nvd
added 2003/12/31 5:0 a.m.16 views

CVE-2003-1463

Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to 1 determine the installation path by reading the contents of the Name parameter in a link, and 2 read arbitrary files via an absolute path in the Name...

3.5CVSS6.7AI score0.02048EPSS
Exploits0References6
exploitdb
exploitdb
added 2003/09/24 12:0 a.m.25 views

TCLhttpd 3.4.2 - Directory Listing Disclosure

source: https://www.securityfocus.com/bid/8687/info It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is...

7AI score
Exploits0
exploitdb
exploitdb
added 2003/06/07 12:0 a.m.59 views

Microsoft Internet Explorer - Object Tag (MS03-020)

!/usr/bin/perl Proof of concept exploit on IE 5.x - 6.x by Alumni IE-Object longtype dynamic call oferflow url:// the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near '&CLSID=AAA...2F2F...'. To exploit: i start server perl script; ii...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/03/21 12:0 a.m.28 views

Multiple bonsai bugs

Remote execution of arbitrary commands as www-data, absolute path disclosure, cross site scriptiong attacks, unauthenticated access to parameters page...

5.4AI score
Exploits0References1Affected Software1
nvd
nvd
added 2002/07/26 4:0 a.m.13 views

CVE-2002-0446

categorie.php3 in Black Tie Project BTP 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID cid parameter, which leaks the pathname in an error message...

5CVSS6.7AI score0.02596EPSS
Exploits1References3
cve
cve
added 2002/06/11 4:0 a.m.42 views

CVE-2002-0524

The CVE-2002-0524 entry affects ASP-Nuke RC2 and earlier . The vulnerability arises from error messages that disclose the server’s absolute path when attackers trigger two conditions: (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments. This results...

5CVSS7.1AI score0.01884EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2002/06/11 4:0 a.m.16 views

CVE-2002-0524

ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by 1 calling database-inc.asp with incorrect cookies, or 2 calling Post.asp with certain arguments, which leak the pathname in an error message...

6.7AI score0.01884EPSS
Exploits0References5
cvelist
cvelist
added 2002/02/02 5:0 a.m.19 views

CVE-2001-1023

Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header...

6.6AI score0.01522EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/08/17 12:0 a.m.46 views

Обратный путь в директориях и абсолютные пути в nudester (directory traversal, absolute path)

No description provided...

2.1AI score
Exploits0References1Affected Software1
exploitdb
exploitdb
added 2001/08/16 12:0 a.m.31 views

Jakarta Tomcat 3.x/4.0 - Error Message Information Disclosure

source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/08/16 12:0 a.m.11 views

Jakarta Tomcat 3.x4.0 - Error Message Information Disclosure

Jakarta Tomcat 3.x4.0 - Error Message Information Disclosure source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of th...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2001/06/15 12:0 a.m.55 views

Дырки в BestCrypt (non-absolute path, buffer overflow)

При вызове внешнего приложения с повышенными привилегиями используется не абсолютный путь, Кроме того имеются переполнения буфера...

2.2AI score
Exploits0References2Affected Software1
nvd
nvd
added 2000/12/31 5:0 a.m.9 views

CVE-2000-1240

Unspecified vulnerability in siteman.php3 in AnyPortalphp before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

5CVSS6.2AI score0.01184EPSS
Exploits0References2
securityvulns
securityvulns
added 2000/08/18 12:0 a.m.20 views

Дырка в htgrep

Используя абсолютный путь можно получить доступ к любому файлу...

7.2AI score
Exploits0References1
cve
cve
added 2000/02/04 5:0 a.m.52 views

CVE-1999-0882

The Falcon web server is affected by CVE-1999-0882: remote attackers can determine the absolute path of the web root by exploiting long file names, revealing an information disclosure issue in path handling. Affected product: Falcon web server (exact versions not specified in the provided documen...

5CVSS7.1AI score0.01897EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder