110 matches found
PT-2004-1119 · Unarj · Unarj
Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...
CVE-2002-1385
openwebmailinit in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. dot dot sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be...
DEBIAN-CVE-2004-0405
CVS before 1.11 allows CVS clients to read arbitrary files via .. dot dot sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180...
CVE-2004-0405
CVS before 1.11 allows CVS clients to read arbitrary files via .. dot dot sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180...
CVE-2004-0405
CVE-2004-0405 and related CVEs affect CVS up to version 1.11.x. The Debian/Mandrake/Gentoo/Nessus advisories describe two issues: (1) CVS pserver can be abused to view files outside the repository root by using relative pathnames containing ‘..’ (CVE-2004-0405); (2) CVS servers/clients can simila...
security flaw
CVS before 1.11 allows CVS clients to read arbitrary files via .. dot dot sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180...
CVE-2003-0417
CVE-2003-0417 describes a directory traversal vulnerability in Son hServer 0.2 that allows a remote attacker to read arbitrary files using modified dot-dot sequences (".|."). The issue affects the server component of Son hServer and is triggered via crafted requests that bypass normal path checks...
DEBIAN-CVE-2002-1344
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing 1 /absolute/path or 2 .. dot dot sequences...
PT-2002-2004 · Care 2002 · Care 2002
Name of the Vulnerable Software and Affected Versions: CARE 2002 versions prior to beta 1.0.02 Description: The issue allows remote attackers to read arbitrary files via .. dot dot sequences and null characters in the lang parameter, which is processed by a call to the include function...
CVE-2001-1217
CVE-2001-1217 describes a directory traversal vulnerability in the PL/SQL Apache module (mod_plsql/mod_plsql) of Oracle 9i Application Server. The issue allows remote attackers to read sensitive files outside the web server’s root by crafting a request with double URL encoded sequences (..). Affe...