952 matches found
CVE-2006-6912
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter...
CVE-2006-6725
Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained...
CVE-2006-6255
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo...
CVE-2006-3547
EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables...
PT-2005-4687 · Php · Php Upload Center
Name of the Vulnerable Software and Affected Versions: PHP Upload Center (affected versions not specified). Description: A directory traversal issue exists in index.php, allowing remote attackers to read arbitrary files by including "../" sequences in the filename parameter of the vulnerable API...
CVE-2004-2586
CVE-2004-2586 applies to SmarterTools SmarterMail 1.6.1511 and 1.6.1529, where a directory traversal flaw in frmGetAttachment.aspx allows remote attackers to read arbitrary files via the filename parameter. Root cause: insufficient input validation leading to path traversal. The available sources...
CVE-2002-1812
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter...
PT-2004-2917 · Oscommerce · Oscommerce
Name of the Vulnerable Software and Affected Versions: osCommerce version 2.2. Description: A directory traversal issue exists, allowing remote attackers to view arbitrary files by including a .. (dot dot) in the filename argument of the file manager.php script. Recommendations: For osCommerce versi...
BBS E-Market Professional index.php filename Parameter Traversal Arbitrary File Access
The remote host is running BBS E-Market Professional, a Korean e-commerce application written in PHP. There is a directory traversal vulnerability in the 'filename' parameter of '/bemarket/shop/index.php'. A remote attacker could exploit this to read sensitive information on the system...
CVE-2004-0676
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter...
PT-2004-1763 · Fastream · Netfile Ftp/Web Server
Name of the Vulnerable Software and Affected Versions: Fastream NETFile FTP/Web Server versions 6.7.2.1085 and earlier. Description: A directory traversal issue allows remote attackers to create or delete arbitrary files by using .. (dot dot) and // (double slash) sequences in the filename parameter...
CVE-2003-0053
Cross-site scripting (XSS) vulnerability in parsexml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message...