CVE-2004-0303

OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in 1 the file parameter in /glossaries/index.php, 2 the filename parameter in /readings/index.php, or 3 the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd...

CVE-2004-0302

Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the 1 file parameter in index.php, 2 editfile in glossary.php, or 3 editfile in newmultiplechoice.php...

CVE-2004-0303

OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in 1 the file parameter in /glossaries/index.php, 2 the filename parameter in /readings/index.php, or 3 the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd...

ZH2004-08SA.txt

ZH2004-08SA security advisory: OWLS 1.0 Remote arbitrary files retrieving Discovered: 05 january 2004 Vendor contacted: 07 january 2004 Published: 18 february 2004 Name: OWLS Affected Systems: 1.0 Issue: Remote file retrieving Author: G00db0y from Zone-h Security Labs - [email protected] -...