6 matches found
EUVD-2006-6848
Malware in sbrugna...
CVE-2006-6865
The CVE-2006-6865 entry describes a directory traversal in SoftArtisans FileUp (SAFileUp) 5.0.14. An attacker can read arbitrary files by supplying a path parameter containing a Unicode-encoded dot-dot ( %c0%ae ), bypassing the normal ".." sequence checks in SAFileUpSamples/util/viewsrc.asp. The ...
CVE-2006-6865
Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp SAFileUp 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. Unicode dot dot in the path parameter, which bypasses the checks for ".." sequences...
SoftArtisans FileUp Viewsrc.ASP目录遍历漏洞
SoftArtisans FileUp是一款基于ASP的WEB应用程序。 SoftArtisans FileUp不正确过滤用户提交的输入,远程攻击者可以利用漏洞上传任意脚本以WEB权限查看系统文件内容。 问题是'Viewsrc.asp'脚本对用户提交的WEB参数缺少过滤,提交类似'%c0%ae./'编码的数据作为参数,可绕过WEB ROOT限制,以WEB权限查看系统文件内容。 SoftArtisans FileUp 5.0.14 目前没有解决方案提供: http://www.componentsource.com/publishersite.asp?p=511435%2F15054...
SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit
Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ Advisory Name: SoftArtisans FileUpTM viewsrc.asp remote script source disclosure exploit Tested and Confirmed Vulerable: SoftArtisans SAFileUpTM 5.0.14 Standard Severity: High Type: Script...
SoftArtisans SAFileUp 5.0.14 - 'viewsrc.asp' Script Source Disclosure
SoftArtisans FileUp viewsrc.asp remote script source disclosure exploit Advisory Name: SoftArtisans FileUpTM viewsrc.asp remote script source disclosure exploit Tested and Confirmed Vulerable: SoftArtisans SAFileUpTM 5.0.14 Standard Severity: High Type: Script source disclosure From where: Remote...