pathnames software vulnerabilities
vulnerabilities.aspcode.net
Searching pathnames software vulnerabilities
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
Eudora 5.1 and earlier versions store attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value.
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
Directory traversal vulnerability in PEAR::Archive_Tar 1.2 allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.
Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.
Software vulnerabilities results 1 to 20 of 40