3 matches found
A file handle created in fuse_lib_opendir and later used in fuse_lib_readdir enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
...
CVE-2006-4754
Cross-site scripting XSS vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that revea...
CVE-2006-4754
PHProg before 1.1 has a Cross-site Scripting (XSS) flaw in index.php, exploitable via the album parameter used in an opendir call. The same issue can enable full path disclosure with an invalid album value that reveals the installation path in error messages. Affected software: PHProg versions pr...