11 matches found
Remote code execution
Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...
CVE-2023-28461
Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...
Directory traversal
Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application...
CVE-2019-14766
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...
CVE-2017-7646
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
CVE-2017-7646
SolarWinds Log & Event Manager (LEM) prior to 6.3.1 Hotfix 4 allows an authenticated user to browse the server filesystem and read arbitrary files. Risk details are not expanded beyond this description in the provided documents. Remediation: upgrade to 6.3.1 Hotfix 4 or newer where indicated.
Portix-PHP 0.4 Index.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4038/info Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants. Portix-PHP is prone to directory traversal attacks. The script index.php does not sufficient...
CVE-2007-5450
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file...
Code injection
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file...
CVE-2007-5450
CVE-2007-5450 affects Safari on Apple iPod touch and iPhone (v1.1.1). The vulnerability allows user-assisted remote attackers to crash the application and enable local filesystem browsing by processing a crafted TIFF file, exposing a denial-of-service risk and local data exposure. The PT-2007-648...
CVE-2007-5450
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file...