12 matches found
The vulnerability of the get_file_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s software allows a hacker to execute arbitrary commands.
The vulnerability of the getfilefromqtn function in the routercommand.sh script of the Quantenna Wi-Fi chip’s microprogramming system is related to the implementation or modification of arguments. Exploiting this vulnerability could allow a perpetrator to execute arbitrary commands...
CVE-2002-1855
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...
CVE-2025-25224
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained...
Arbitrary file deletion
RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to read arbitrary files via unspecified vectors, related to an "arbitrary file retrieval vulnerability."...
ArsDigita Community System 3.4.x - Directory Traversal
ArsDigita Community System 3.4.x - Directory Traversal source: https://www.securityfocus.com/bid/22121/info ArsDigita Community System is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...
Apple QuickTimeDarwin Streaming Server 4.1.x - parse_xml.cgi File Disclosure
Apple QuickTimeDarwin Streaming Server 4.1.x - parsexml.cgi File Disclosure source: https://www.securityfocus.com/bid/6990/info A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters give...
Apple QuickTime/Darwin Streaming Server 4.1.x - 'parse_xml.cgi' File Disclosure
source: https://www.securityfocus.com/bid/6990/info A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server. The vulnerability exists due to insufficient sanitization of some parameters given to the parsexml.cgi script. Information obtained in this manner may be use...
MS02-009: IE VBScript Handling patch (318089)
The remote host is running a version of Internet Explorer that may allow an attacker to read local files on the remote host. To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website. C Tenable Network Security, Inc. include"compat.inc"; if...
SIX-webboard 2.01 - File Retrieval
source: https://www.securityfocus.com/bid/3175/info SIX-webboard 2.01 does not filter ".." and "/" from user input, allowing users to enter arbitrary values in order to view or retrieve files not normally accessible to them from the remote host...
Roxen security alert: URL decoding vulnerable
Roxen Webserver 2.0 up to version 2.0.92 and 2.1 up to version 2.1.264 has a vulnerability that allows any user to retrieve any file from the host with the privileges of the web server. Having the CGI-module enabled escalates the problem by making it possible to run any executable. Description In...
Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval
Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval source: https://www.securityfocus.com/bid/1550/info ntop is a tool that shows the network usage, similar to what the popular top Unix command does. Starting ntop in web mode with the -w parameter starts ntop with it's own built in HTTP server,...
AVM KEN! 1.3.10/1.4.30 - Remote Denial of Service
source: https://www.securityfocus.com/bid/1103/info A remote user on the local network is capable of retrieving any known file from a machine running AVM KEN!. This is accomplished by appending ../ to a URL utilizing port 3128 to escape the regular web file structure, and appending the remaining...