path software vulnerabilities
vulnerabilities.aspcode.net
Searching path software vulnerabilities
Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.
Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field.
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled.
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.
14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path.
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message.
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message.
CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path.
Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.
index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message.
Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.
Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files.
Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used.
Software vulnerabilities results 1 to 20 of 1416