2 matches found
CVE-2006-0707
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / slash characters, which is accessed using the PATHINFO variable...
CVE-2006-0707
CVE-2006-0707 affects PyBlosxom before 1.3.2. On certain web servers, a crafted HTTP request with multiple leading slashes (PATH_INFO) allows remote attackers to read arbitrary files. The vulnerability stems from how PATH_INFO is interpreted by the application, enabling a path traversal-like acce...