19 matches found
EUVD-2010-0776
Malware in sbrugna...
EUVD-2007-5928
Malware in sbrugna...
EUVD-2017-0245
Malware in sbrugna...
EUVD-2016-6050
Malware in sbrugna...
EUVD-2018-2968
Malware in sbrugna...
EUVD-1999-1206
Malware in sbrugna...
EUVD-2022-2067
Malicious code in bioql PyPI...
CVE-2025-46704 Advantech iView Path Traversal
A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing...
Windows NTFS - Privileged File Access Enumeration
Windows NTFS - Privileged File Access Enumeration + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Windows...
CoreFTP SFTP Server/FTP Server Path Traversal Vulnerability
CoreFTP SFTP Server/FTP Server is a file transfer server. A path traversal vulnerability exists in CoreFTP Server FTP/SFTP Server version 2 build 674, which can be exploited by an attacker to browse outside the root directory and determine the existence of files with the help of the '....' sequen...
Directory traversal
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence o...
Error pages can be used to guess local file paths – Opera Security Advisories
Remote web pages should not be able to detect what files a user has on their local machine. Certain error pages do not apply this restriction correctly, allowing web pages to produce an error page where a script can run. The script can then use various events to detect whether files on the user’s...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
New icedtea update to fix : - ICCProfile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 -...
CVE-2009-0843
The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists...
CVE-2006-3360
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...
PT-2005-1945 · Adobe · Svg Viewer
Name of the Vulnerable Software and Affected Versions: Adobe SVG Viewer versions 3.02 and earlier Description: The issue allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page...
Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence
Source: https://www.securityfocus.com/bid/7279/info A weakness has been discovered on various systems that may result in an attacker gaining information pertaining to the existence of inaccessible files. The problem lies in the return times when attempting to access existent and non-existent...
Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence
Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence. Source: https://www.securityfocus.com/bid/7279/info A weakness has been discovered on various systems that may result in an attacker gaining information pertaining to the existence of inaccessible files. The problem lies in the return time...
CVE-2000-1117
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method...