Lucene search
K

952 matches found

NVD
NVD
added 2006/12/31 5:0 a.m.19 views

CVE-2006-6912

SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter...

7.5CVSS8.5AI score0.00991EPSS
Exploits0References5
NVD
NVD
added 2006/12/26 9:28 p.m.14 views

CVE-2006-6725

Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. dot dot in the filename parameter to 1 lib/htm2php.php and 2 sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained...

5CVSS6.6AI score0.01549EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2006/12/04 11:28 a.m.2 views

CVE-2006-6255

Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo...

7.5CVSS6.1AI score0.02348EPSS
Exploits1References4
NVD
NVD
added 2006/07/13 12:5 a.m.16 views

CVE-2006-3547

EMC VMware Player allows user-assisted attackers to cause a denial of service unrecoverable application failure via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables...

5.5CVSS6.6AI score0.00872EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2005/12/01 12:0 a.m.4 views

PT-2005-4687 · Php · Php Upload Center

Name of the Vulnerable Software and Affected Versions: PHP Upload Center affected versions not specified Description: A directory traversal issue exists in index.php, allowing remote attackers to read arbitrary files by including "../" sequences in the filename parameter of the vulnerable API...

5CVSS9.3AI score0.03051EPSS
Exploits1References7
CVE
CVE
added 2005/11/28 11:0 p.m.40 views

CVE-2004-2586

CVE-2004-2586 applies to SmarterTools SmarterMail 1.6.1511 and 1.6.1529, where a directory traversal flaw in frmGetAttachment.aspx allows remote attackers to read arbitrary files via the filename parameter. Root cause: insufficient input validation leading to path traversal. The available sources...

5CVSS7.1AI score0.01932EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.23 views

CVE-2002-1812

Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter...

7.5AI score0.01123EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2004/12/31 12:0 a.m.5 views

PT-2004-2917 · Oscommerce · Oscommerce

Name of the Vulnerable Software and Affected Versions: osCommerce version 2.2 Description: A directory traversal issue exists, allowing remote attackers to view arbitrary files by including a .. dot dot in the filename argument of the file manager.php script. Recommendations: For osCommerce versi...

5CVSS6.6AI score0.03797EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2004/09/21 12:0 a.m.38 views

BBS E-Market Professional index.php filename Parameter Traversal Arbitrary File Access

The remote host is running BBS E-Market Professional, a Korean e-commerce application written in PHP.\n There is a directory traversal vulnerability in the 'filename' parameter of '/bemarket/shop/index.php'. A remote attacker could exploit this to read sensitive information on the system...

5.6AI score
Exploits0References1
Cvelist
Cvelist
added 2004/07/13 4:0 a.m.18 views

CVE-2004-0676

Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. dot dot and // double slash sequences in the filename parameter...

6.8AI score0.0429EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2004/07/13 12:0 a.m.4 views

PT-2004-1763 · Fastream · Netfile Ftp/Web Server

Name of the Vulnerable Software and Affected Versions: Fastream NETFile FTP/Web Server versions 6.7.2.1085 and earlier Description: A directory traversal issue allows remote attackers to create or delete arbitrary files by using .. dot dot and // double slash sequences in the filename parameter...

10CVSS6.9AI score0.0429EPSS
Exploits1References6
NVD
NVD
added 2003/03/07 5:0 a.m.28 views

CVE-2003-0053

Cross-site scripting XSS vulnerability in parsexml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message...

4.3CVSS5.5AI score0.01817EPSS
Exploits0References4
Rows per page
Query Builder