192 matches found
CVE-2001-0211
Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. dot dot attack on the sp.nextform parameter...
CVE-2001-0202
Picserver web server allows remote attackers to read arbitrary files via a .. dot dot attack in an HTTP GET request...
CVE-2001-0042
PHP 3.x PHP3 on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. dot dot attack containing "%5c" encoded backslash sequences...
CVE-2001-0074
Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. dot dot attack in the board parameter...
CVE-2001-0074
Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. dot dot attack in the board parameter...
CVE-2001-0074
CVE-2001-0074 is a directory traversal vulnerability in print.cgi of Technote that allows remote attackers to read arbitrary files via a .. path in the board parameter. The issue arises from unvalidated path handling in the CGI script, enabling partial confidentiality impact. Public references de...
CVE-2000-0853
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. dot dot attack...
CVE-2000-0900
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. dot dot attack...
CVE-2000-0565
The CVE-2000-0565 entry affects SmartFTP Daemon 0.2 and describes a local-privilege issue where an attacker can access arbitrary files by uploading and specifying an alternate user configuration file through a .. path traversal. The underlying cause is a dot-dot (../) traversal during file handli...
CVE-2000-0810
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. dot dot attack...
CVE-2000-1005
The CVE-2000-1005 entry concerns directory traversal in eXtropia WebStore CGI scripts (html_web_store.cgi and web_store.cgi). An attacker can read arbitrary files by supplying a .. (dot dot) path in the page parameter, enabling remote file disclosure. The vulnerability is evidenced by multiple so...
CVE-2000-0853
YaBB Bulletin Board vulnerability (CVE-2000-0853) affects YaBB.pl: an input validation flaw in the file parameter (num) allows remote attackers to read arbitrary server files via path traversal (e.g., ../../../../../../../../etc/passwd%00) and the .txt suffix handling. This enables reading files ...
CVE-2000-0992
CVE-2000-0992 is linked to a directory traversal vulnerability in scp for OpenSSH, with the SUSE page noting OpenSSH before 3.4p1 and that this may be a rediscovery of CVE-2000-0992. The connected documents do not provide full technical details (exact affected versions, root cause specifics, or a...
CVE-2000-0810
Auction Weaver (LITE) versions 1.0–1.04 suffer a form-field name validation flaw that allows remote attackers to delete arbitrary files and directories via a dot-dot path traversal. The underlying issue is improper validation of input names, enabling remote exploitation without authentication. Im...
CVE-2000-0900
Summary: CVE-2000-0900 affects thttpd’s built-in ssi CGI when used with versions 2.19 and earlier. A remote attacker can exploit a directory traversal flaw by using encoded path sequences (e.g., %2e%2e) to read arbitrary files via the ssi handler. The issue is identical to an encoded traversal vu...
CVE-2000-0811
CVE-2000-0811 affects Auction Weaver 1.0–1.04 (Auction Weaver LITE) and stems from improper validation of directory traversal strings (..), enabling remote attackers to read arbitrary files through the username or bidfile fields. Affected products include CGI Script Center’s Auction Weaver LITE r...
CVE-2000-1176
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. dot dot attack in the "catsearch" form field...
CVE-2000-1101
Directory traversal vulnerability in Winsock FTPd WFTPD 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. dot dot attack...
DEBIAN-CVE-2000-0992
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. dot dot attack...
CVE-2000-0992
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. dot dot attack...