3373 matches found
CVS directory traversal
Server can send absolute path to client...
Moderate: Red Hat Security Advisory: : : : Updated CVS packages fix security issue
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...
Moderate: Red Hat Security Advisory: cvs security update
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...
security flaw
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...
CVE-2004-0303
Summary: OWLS 1.0 in OWL's Workshop is vulnerable to a remote file disclosure. An attacker can cause the application to disclose arbitrary files by supplying absolute pathnames through specific parameters: the file parameter in /glossaries/index.php, the filename parameter in /readings/index.php,...
CVE-2003-1463
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to 1 determine the installation path by reading the contents of the Name parameter in a link, and 2 read arbitrary files via an absolute path in the Name...
Microsoft Internet Explorer 6 - Absolute Position Block Denial of Service
Microsoft Internet Explorer 6 - Absolute Position Block Denial of Service source: https://www.securityfocus.com/bid/8758/info A problem has been reported in Microsoft Internet Explorer when absolute positioning is used. Because of this, it may be possible to deny service to users of the browser...
Microsoft Internet Explorer 6 - Absolute Position Block Denial of Service
source: https://www.securityfocus.com/bid/8758/info A problem has been reported in Microsoft Internet Explorer when absolute positioning is used. Because of this, it may be possible to deny service to users of the browser. This issue may be due to memory corruption, however, it is known not at th...
TCLhttpd 3.4.2 - Directory Listing Disclosure
source: https://www.securityfocus.com/bid/8687/info It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is...
Microsoft Internet Explorer - Object Tag (MS03-020)
!/usr/bin/perl Proof of concept exploit on IE 5.x - 6.x by Alumni IE-Object longtype dynamic call oferflow url:// the flaw actually exists in URLMON.DLL when converting backslashes to wide char, this can be seen on stack dump near '&CLSID=AAA...2F2F...'. To exploit: i start server perl script; ii...
Multiple bonsai bugs
Remote execution of arbitrary commands as www-data, absolute path disclosure, cross site scriptiong attacks, unauthenticated access to parameters page...
CVE-2002-1545
CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response...
CVE-2002-1423
tmpview.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter...
CVE-2002-1423
The CVE-2002-1423 issue concerns FUDforum, where tmp_view.php before version 2.2.0 allows remote attackers to read arbitrary files through an absolute pathname supplied in the file parameter. The underlying vulnerability is a path traversal/unsafe file inclusion in the tmp_view.php handler, enabl...
CVE-2002-1525
CVE-2002-1525 concerns a directory traversal vulnerability in the ASTAware SearchDisk engine of Sun ONE Starter Kit 2.0. The flaw allows remote attackers to read arbitrary files via a .. (dot dot) path traversal on ports 6015 or 6016, or through an absolute pathname to port 6017. The available re...
DEBIAN-CVE-2002-1344
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing 1 /absolute/path or 2 .. dot dot sequences...
QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution
QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution source: https://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has bee...
CVE-2002-1034
CVE-2002-1034 affects SunPS iRunbook 2.5.2. The vulnerability is triggered through none.php by supplying an absolute pathname as an argument, enabling remote attackers to read arbitrary files and potentially compromise confidentiality (and integrity per CVSS). The available connected documents pr...
CVE-2002-0446
categorie.php3 in Black Tie Project BTP 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID cid parameter, which leaks the pathname in an error message...
CVE-2002-0524
ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by 1 calling database-inc.asp with incorrect cookies, or 2 calling Post.asp with certain arguments, which leak the pathname in an error message...