Lucene search
+L

2385 matches found

Exploit DB
Exploit DB
added 2002/04/16 12:0 a.m.81 views

FileSeek - CGI Script File Disclosure

source: https://www.securityfocus.com/bid/6784/info FileSeek is an example cgi-script from "The CGI/Perl Cookbook from John Wiley & Sons". The script is written and maintained by Craig Patchett. It is mainly used to find and download files on a web server. FileSeek.cgi and FileSeek2.cgi are prone...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2002/03/15 5:0 a.m.25 views

CVE-2001-1092

msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mhprofile file...

6.2AI score0.01107EPSS
Exploits1References4
CVE
CVE
added 2002/03/15 5:0 a.m.146 views

CVE-2002-0129

The CVE-2002-0129 issue affects efax 0.9 and earlier when installed setuid root. The vulnerability allows local users to read arbitrary files by using the -d option, which prints the file contents in a warning message. The underlying flaw is a local privilege issue that exposes sensitive data (co...

2.1CVSS6.3AI score0.00345EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2002/03/15 5:0 a.m.23 views

CVE-2001-1209

Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

6.6AI score0.08037EPSS
Exploits1References5
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.32 views

CVE-2000-0006

strace allows local users to read arbitrary files via memory mapped file names...

6.3AI score0.00279EPSS
Exploits0References2
CVE
CVE
added 2002/03/09 5:0 a.m.45 views

CVE-1999-1103

The CVE-1999-1103 issue affects DEC OSF/1 3.2C and earlier where dxconsole allows a local user to read arbitrary files by supplying a -file parameter. The vulnerability is local with low attack complexity and no authentication required, yielding partial confidentiality, integrity, and availabilit...

4.6CVSS7AI score0.00368EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.25 views

CVE-2001-0621

The FTP server on Cisco Content Service 11000 series switches CSS before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands...

6.6AI score0.01396EPSS
Exploits0References5
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.17 views

CVE-1999-1145

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges...

6.7AI score0.00522EPSS
Exploits0References3
CVE
CVE
added 2002/03/09 5:0 a.m.47 views

CVE-1999-1456

Summary : CVE-1999-1456 affects the thttpd HTTP server (version 2.03 and earlier). A remote attacker can read arbitrary files by issuing a GET request where the filename has more than one leading slash (e.g., //path). Affected component : thttpd HTTP server (client request handling/path parsing)....

5CVSS6.7AI score0.01711EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2002/02/07 12:0 a.m.53 views

Oracle 9iAS mod_plsql Encoded Traversal Arbitrary File Access

In a default installation of Oracle 9iAS, it is possible to use the modplsql module to perform a directory traversal attack. This allows attackers to read arbitrary files on the server. %NASLMINLEVEL 70300 This script was written by Matt Moore See the Nessus Scripts License for details Changes by...

5CVSS5.7AI score0.54383EPSS
Exploits0References4
securityvulns
securityvulns
added 2002/02/05 12:0 a.m.48 views

Viewing arbitrary file from the file system using Eshare Expressions 4 server

There is a bug in Expressions server where you can view any file on the drive that the server is installed on by using simple ../../ Example: If eshare server Is installed at: C:eshareexpressions And lets say this is an NT4.0 machine with os installed in c:winnt It is possible to pull win.ini fil...

2.8AI score
Exploits0
exploitpack
exploitpack
added 2002/02/04 12:0 a.m.10 views

Portix-PHP 0.4 - index.php Directory Traversal

Portix-PHP 0.4 - index.php Directory Traversal source: https://www.securityfocus.com/bid/4038/info Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants. Portix-PHP is prone to directory traversal attacks. The script index.php does n...

Exploits0
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.20 views

CVE-2001-0931

Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. dot dot in 1 LS or 2 GET...

6.6AI score0.04346EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2002/01/25 12:0 a.m.66 views

Apache Win32 ScriptAlias php.exe Arbitrary File Access

A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users ca...

7.5CVSS5.9AI score0.24599EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2002/01/25 12:0 a.m.117 views

FAQManager 'faqmanager.cgi' 'toc' Parameter Arbitrary File Access

FAQManager is a Perl-based CGI for maintaining a list of Frequently Asked Questions. Using a specially crafted URL, a remote attacker can use this CGI to view arbitrary files on the web server. For example: http://www.example.com/cgi-bin/faqmanager.cgi?toc=/etc/passwd%00 %NASLMINLEVEL 70300 This...

5CVSS5.8AI score0.01373EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2002/01/17 12:0 a.m.88 views

PHP Rocket for FrontPage phprocketaddin page Parameter Traversal Arbitrary File Access

There is a vulnerability in the PHP Rocket Add-in for FrontPage that allows a remote attacker to view the contents of any arbitrary file to which the web user has access. This vulnerability exists because the PHP Rocket Add-in does not filter out ../ and is, therefore, susceptible to this directo...

5CVSS5.8AI score0.02012EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2002/01/04 12:0 a.m.75 views

Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure

source: https://www.securityfocus.com/bid/3786/info A vulnerability exists in the suggested default configuration for the Apache PHP.EXE binary on Microsoft Windows platforms. This issue has the potential to disclose the contents of arbitrary files to remote attackers. As a result, it is possible...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/12/31 12:0 a.m.11 views

Abe Timmerman - zml.cgi File Disclosure

Abe Timmerman - zml.cgi File Disclosure source: https://www.securityfocus.com/bid/3759/info zml.cgi is a perl script which can be used to support server side include directives under Apache. It recognizes a simple set of commands, and allows access to cgi parameters and environment variables. It...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/12/06 12:0 a.m.206 views

Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access

It is possible to read arbitrary files on this machine by using relative paths in the URL. This flaw can be used to bypass the management software's password protection and possibly retrieve the enable password for the Cisco PIX. This vulnerability has been assigned Cisco Bug ID: CSCdk39378...

5CVSS5.8AI score0.01489EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2001/12/03 12:0 a.m.42 views

Interactive Story story.pl next Parameter Traversal Arbitrary File Access

By requesting : GET /cgi-bin/story.pl?next=../../../filetoread%00 An attacker may use this flaw to read arbitrary files on this server. %NASLMINLEVEL 70300 This script was written by Georges Dagousset See the Nessus Scripts License for details Changes by Tenable: - Revised plugin title 1/13/2009 ...

5CVSS5.6AI score0.03669EPSS
Exploits1References1
Rows per page
Query Builder