Lucene search
K

3373 matches found

securityvulns
securityvulns
added 2004/04/15 12:0 a.m.33 views

CVS directory traversal

Server can send absolute path to client...

3.3AI score
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2004/04/14 2:0 p.m.7 views

Moderate: Red Hat Security Advisory: : : : Updated CVS packages fix security issue

Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...

5CVSS5.8AI score0.02354EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2004/04/14 1:59 p.m.27 views

Moderate: Red Hat Security Advisory: cvs security update

Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...

5CVSS5.8AI score0.02354EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2004/04/14 1:59 p.m.7 views

security flaw

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...

2.6CVSS5.9AI score0.01832EPSS
Exploits0References4
CVE
CVE
added 2004/03/18 5:0 a.m.38 views

CVE-2004-0303

Summary: OWLS 1.0 in OWL's Workshop is vulnerable to a remote file disclosure. An attacker can cause the application to disclose arbitrary files by supplying absolute pathnames through specific parameters: the file parameter in /glossaries/index.php, the filename parameter in /readings/index.php,...

5CVSS6.9AI score0.03221EPSS
Exploits1References4
NVD
NVD
added 2003/12/31 5:0 a.m.14 views

CVE-2003-1463

Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to 1 determine the installation path by reading the contents of the Name parameter in a link, and 2 read arbitrary files via an absolute path in the Name...

3.5CVSS6.7AI score0.02048EPSS
Exploits0References6
exploitpack
exploitpack
added 2003/10/03 12:0 a.m.18 views

Microsoft Internet Explorer 6 - Absolute Position Block Denial of Service

Microsoft Internet Explorer 6 - Absolute Position Block Denial of Service source: https://www.securityfocus.com/bid/8758/info A problem has been reported in Microsoft Internet Explorer when absolute positioning is used. Because of this, it may be possible to deny service to users of the browser...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2003/10/03 12:0 a.m.35 views

Microsoft Internet Explorer 6 - Absolute Position Block Denial of Service

source: https://www.securityfocus.com/bid/8758/info A problem has been reported in Microsoft Internet Explorer when absolute positioning is used. Because of this, it may be possible to deny service to users of the browser. This issue may be due to memory corruption, however, it is known not at th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/09/24 12:0 a.m.23 views

TCLhttpd 3.4.2 - Directory Listing Disclosure

source: https://www.securityfocus.com/bid/8687/info It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/07 12:0 a.m.59 views

Microsoft Internet Explorer - Object Tag (MS03-020)

!/usr/bin/perl Proof of concept exploit on IE 5.x - 6.x by Alumni IE-Object longtype dynamic call oferflow url:// the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near '&CLSID=AAA...2F2F...'. To exploit: i start server perl script; ii...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/03/21 12:0 a.m.26 views

Multiple bonsai bugs

Remote execution of arbitrary commands as www-data, absolute path disclosure, cross site scriptiong attacks, unauthenticated access to parameters page...

5.4AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2003/03/18 5:0 a.m.15 views

CVE-2002-1545

CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response...

6.5AI score0.01324EPSS
Exploits0References1
Cvelist
Cvelist
added 2003/03/18 5:0 a.m.17 views

CVE-2002-1423

tmpview.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter...

6.7AI score0.03452EPSS
Exploits1References4
CVE
CVE
added 2003/03/18 5:0 a.m.42 views

CVE-2002-1423

The CVE-2002-1423 issue concerns FUDforum, where tmp_view.php before version 2.2.0 allows remote attackers to read arbitrary files through an absolute pathname supplied in the file parameter. The underlying vulnerability is a path traversal/unsafe file inclusion in the tmp_view.php handler, enabl...

5CVSS7.1AI score0.03452EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2003/03/18 5:0 a.m.40 views

CVE-2002-1525

CVE-2002-1525 concerns a directory traversal vulnerability in the ASTAware SearchDisk engine of Sun ONE Starter Kit 2.0. The flaw allows remote attackers to read arbitrary files via a .. (dot dot) path traversal on ports 6015 or 6016, or through an absolute pathname to port 6017. The available re...

5CVSS7.1AI score0.08052EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2002/12/18 5:0 a.m.3 views

DEBIAN-CVE-2002-1344

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing 1 /absolute/path or 2 .. dot dot sequences...

5CVSS7AI score0.04249EPSS
Exploits0References1
exploitpack
exploitpack
added 2002/11/08 12:0 a.m.17 views

QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution

QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution source: https://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has bee...

0.1AI score
Exploits0
CVE
CVE
added 2002/08/31 4:0 a.m.53 views

CVE-2002-1034

CVE-2002-1034 affects SunPS iRunbook 2.5.2. The vulnerability is triggered through none.php by supplying an absolute pathname as an argument, enabling remote attackers to read arbitrary files and potentially compromise confidentiality (and integrity per CVSS). The available connected documents pr...

10CVSS7.1AI score0.04349EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2002/07/26 4:0 a.m.13 views

CVE-2002-0446

categorie.php3 in Black Tie Project BTP 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID cid parameter, which leaks the pathname in an error message...

5CVSS6.7AI score0.02596EPSS
Exploits1References3
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.16 views

CVE-2002-0524

ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by 1 calling database-inc.asp with incorrect cookies, or 2 calling Post.asp with certain arguments, which leak the pathname in an error message...

6.7AI score0.01884EPSS
Exploits0References5
Rows per page
Query Builder