Lucene search
K

669 matches found

CVE
CVE
added 2003/12/10 5:0 a.m.74 views

CVE-2003-0977

CVE-2003-0977 affects the CVS server prior to 1.11.10, where malformed module requests could cause the server to create directories and files in the filesystem root. The issue is documented across multiple advisories (e.g., RHSA-2004:004, MDKSA-2003:112-1, DSA 422-1) with a common remediation: up...

7.5CVSS7.4AI score0.02294EPSS
Exploits0References15Affected Software1
securityvulns
securityvulns
added 2003/10/28 12:0 a.m.28 views

[Full-Disclosure] Bytehoard File Disclosure VUlnerability Sequel

So I'm sure this passed over your inboxes in some form or another.... http://www.securiteam.com/unixfocus/6L00L008KE.html Just a standard directory traversal attack in an open source, fixed rapidly like any good open source project. Except that nobody really looked too hard at the software, try...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2003/05/29 12:0 a.m.50 views

Postnuke: path disclosure (0.7.2.3 and prior)

Intro. What is PostNuke ? PostNuke is a weblog/Content Management System CMS. It is far more secure and stable than competing products. Home Page: http://www.postnuke.com && A vulnerability have been found in Postnuke v0.7.2.3-Phoenix & prior which allow users to determine the physical path of th...

1AI score
Exploits0
securityvulns
securityvulns
added 2003/03/28 12:0 a.m.42 views

PostNuke Sensitive Information Disclosure

Title: PostNuke path disclosure, and... db name. Version: 0.7.2.3-Phoenix other Problem: A vulnerability have been found in Postnuke v0.7.2.3-Phoenix which allow users to determine the physical path of this cms. This vulnerability would allow a remote user to determine the full path to the web ro...

1.1AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.19 views

CVE-2002-2094

Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct...

5CVSS6.7AI score0.02715EPSS
Exploits1References3
securityvulns
securityvulns
added 2002/07/03 12:0 a.m.34 views

Root directory access in Cisco Secure ACS

By adding additional slah to URL after hostname it's possible to address root folder...

1.6AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2002/05/17 12:0 a.m.24 views

Hosting Controller 1.4 - Import Root Directory Command Execution

source: https://www.securityfocus.com/bid/4761/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The Import Root Directory improotdir.asp script does not force an authentication...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/02/07 12:0 a.m.25 views

AtheOS 0.3.7 - Change Root Directory Escaping

AtheOS 0.3.7 - Change Root Directory Escaping / source: https://www.securityfocus.com/bid/4051/info AtheOS is a freely available, open source operating system. It is distributed under the GPL, and maintained by the AtheOS project. It is possible to escape change rooted directories on AtheOS. Due ...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2002/02/07 12:0 a.m.33 views

AtheOS 0.3.7 - Change Root Directory Escaping

/ source: https://www.securityfocus.com/bid/4051/info AtheOS is a freely available, open source operating system. It is distributed under the GPL, and maintained by the AtheOS project. It is possible to escape change rooted directories on AtheOS. Due to insufficient handling of relative pathes, a...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/01/14 12:0 a.m.47 views

Ошибка в RaidenFTP

При попытке обращения к файлу в корневом каталоге файл удаляется...

0.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/01/14 12:0 a.m.59 views

RaidenFTPD v2.2 Arbitrary File Deletion Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RaidenFTPD v2.2 Arbitrary File Deletion Vulnerability Type: Delete Arbitrary Files Release Date: January 13, 2002 Product / Vendor: RaidenFTPD ftp server solution for Win95/98/NT/2000 http://www.raidenftpd.com/en/ Summary: A vulnerability exists in...

6.5AI score
Exploits0
NVD
NVD
added 2001/10/18 4:0 a.m.10 views

CVE-2001-0758

Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command...

7.5CVSS6.7AI score0.04181EPSS
Exploits0References1
CVE
CVE
added 2001/10/12 4:0 a.m.59 views

CVE-2001-0758

Summary: CVE-2001-0758 describes a directory traversal vulnerability in Shambala 4.5 that allows remote attackers to escape the FTP root directory using the CWD command. The connected documents corroborate this description, identifying the affected product as Shambala 4.5 and the attack vector as...

7.5CVSS7.1AI score0.04181EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2001/08/22 4:0 a.m.19 views

CVE-2001-0626

O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character...

7.5CVSS6.5AI score0.07023EPSS
Exploits1References3
exploitpack
exploitpack
added 2001/06/21 12:0 a.m.12 views

1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure

1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2902/info 1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of...

Exploits0
securityvulns
securityvulns
added 2001/05/26 12:0 a.m.51 views

Дырка в clean-tmps в FreeBSD

Можно удалить любые файлы в корневом каталоге...

0.3AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/05/26 12:0 a.m.28 views

4.3 Security: local DoS via clean-tmps

Tested in 4.3-RELEASE only: If /etc/periodic/daily/clean-tmps is enabled, then it's possible for any local user to trick it into calling unlink or rmdir on anything in the root directory. The problem is that "find -delete" can be made to do chdir".." multiple times followed by unlink and/or rmdir...

Exploits0
NVD
NVD
added 2001/05/24 4:0 a.m.22 views

CVE-2001-0749

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root...

7.5CVSS6.7AI score0.01727EPSS
Exploits1References3
securityvulns
securityvulns
added 2001/03/05 12:0 a.m.224 views

Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability

Faststram FTP built in server responds with the real path of directory instead of a virtual one.It is possible to get files outside of root.dir. e:crap was used as root directory 1. directory path 230 User anonymous logged in. ftp pwd 257 "/E:/crap/" is current directory. 2. getting files from...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2001/02/12 12:0 a.m.9 views

Brightstation Muscat 1.0 - Full Path Disclosure

Brightstation Muscat 1.0 - Full Path Disclosure source: https://www.securityfocus.com/bid/2374/info Making an invalid request to a machine running Brightstation Muscat, will disclose the physical path to the root directory. http://target/cgi-bin/empower?DB=UkRteamHole...

0.2AI score
Exploits0
Rows per page
Query Builder