126 matches found
CVE-2016-0867
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request...
Server side request forgery (ssrf)
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request...
CVE-2016-0867
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request...
CVE-2016-1490
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list...
XLight FTP Server 1.52 Remote Send File Request Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9668/info A remote denial of service vulnerability has been reported to exist in the Send File Request functionality of the XLight FTP server. Due to this issue a remote attacker may be able cause the affected server to...
SHOUTcast <= 1.9.4 File Request Format String Exploit (Leaked)
No description provided by source. / Shoutcast = 1.9.4 exploit by crash-x Trys to upload the shellcode to a fixed address and execute it. This exploit was not written bei Simon 'Zodiac' Moser segfault.ch. / include stdio.h include stdlib.h include stdarg.h include string.h include sys/types.h...
CA Erwin Web Portal directory traversal
File request is not checked...
CVE-2013-3426
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810...
Cross site request forgery (csrf)
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810...
Cyberoam Central Console 2.00.2 - Remote File Inclusion
Cyberoam Central Console 2.00.2 - Remote File Inclusion Title: ====== Cyberoam Central Console v2.00.2 - File Include Vulnerability Date: ===== 2012-02-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=405 VL-ID: ===== 405 Introduction: ============= Cyberoam Central...
CVE-2011-3808
The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svnintegration/config.inc.php and certain other files...
CVE-2011-3706
ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/toolsettings.inc.php and certain other files...
Novell NetStorage buffer overflow
Heap buffer overflow on file request processing...
Code injection
curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...
CVE-2007-4850
curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...
Adobe Flash Player ActionScript SecurityErrorEvent绕过安全限制漏洞
BUGTRAQ ID: 25260 CVECAN ID: CVE-2007-4324 Flash Player是一款非常流行的FLASH播放器。 Flash Player中的ActionScript 3(AS3)允许远程攻击者通过指定了连接的SWF电影绕过安全沙盒模型获得敏感信息并端口扫描任意主机,然后使用SecurityErrorEvent错误的定时差异判断端口是否开放。 AS3 Adobe引入了新的套接字相关事件SecurityErrorEvent。当Flash Player试图连接到关闭的TCP端口时会立即出现SecurityErrorEvent,如果服务在监听该端口Flash...
CVE-2003-1394
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file...
Design flaw in AS3 socket handling allows port probing
Design flaw in AS3 socket handling allows port probing Summary Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the...
Adobe JRun / ColdFusion DoS
Denial of service under IIS Server on file request to JRun root folder...
Design/Logic Flaw
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root...