3 matches found
Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation
The version of Xaraya installed on the remote host does not sanitize input to the 'module' parameter of the 'index.php' script before using it to write to files on the affected host. Using a specially crafted request, an unauthenticated attacker can create directories and possibly overwrite...
CVE-2005-3929
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php...
CVE-2005-3929
The CVE-2005-3929 entry covers a directory traversal in Xaraya 1.0. The vulnerable component is the create function path in xarMLSXML2PHPBackend.php and the index.php module parameter handling. Due to insufficient input sanitization, an unauthenticated, remote attacker can craft a request that us...