Searching paths software vulnerabilities

Buffer overflows in Quake 1.9 client allows rem

malicious | arbitrary | overflows | commands | servers | execute | client | Buffer | remote | allows | Quake | long | via |

Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command.


Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10)

Server | Gene6 | FTP |

Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.


Broker FTP server 5.9.5 for Windows NT and 9x a

server | Broker | FTP |

Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename).


Vignette StoryServer 5 and Vignette V/6 allows

StoryServer | attackers | arbitrary | Vignette | execute | allows | remote | code | via | V/6 | TCL |

Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command.


The Administration Console for BEA Tuxedo 8.1 a

Administration | attackers | determine | existence | modified | argument | Console | outside | INIFILE | earlier | allows | remote | Tuxedo | files | paths | root | BEA | web | via |

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.


mod_cgid in Apache before 2.0.48, when using a

mod_cgid | before | Apache |

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.


BEA WebLogic Server and Express version 7.0 SP3

authenticated | privileges | execution | incorrect | frequent | WebLogic | contexts | initial | current | version | certain | Express | Server | remote | result | follow | which | paths | could | users | allow | gain | such | user | code | JNDI | BEA | may | SP3 | use |

BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.


rsync before 2.6.1 does not properly sanitize p

before | rsync |

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.


The mod_authz_svn module in Subversion 1.0.7 an

mod_authz_svn | Subversion | module |

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.


The unix_clean_name function in Samba 2.2.x thr

unix_clean_name | function | through | Samba | 22x |

The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.


Certain third-party packages for CVSup 16.1h, s

/usr/src/packages | world-writable | directories | executables | third-party | malicious | untrusted | libraries | arbitrary | packages | causing | execute | created | Certain | contain | against | fields | users | local | CVSup | RPATH | Linux | paths | could | allow | which | 161h | such | SuSE | code | link | ELF |

Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.


Directory traversal vulnerability in lstat.cgi

vulnerability | LinuxStat | Directory | traversal | lstatcgi | before |

Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.


Firefox before 1.0.1 and Mozilla before 1.7.6 t

Firefox | before |

Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.


Cheetah 0.9.15 and 0.9.16 searches the /tmp dir

Cheetah |

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.


slocate before 2.7 does not properly process ve

properly | process | service | slocate | allows | denial | before | which | local | cause | users | paths | does | very | long | not |

slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.


Multiple unspecified vulnerabilities in lib-com

vulnerabilities | lib-commonphp | unspecified | Multiple | Geeklog |

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.


The RtlDosPathNameToNtPathName_U API function i

RtlDosPathNameToNtPathName_U | Microsoft | NTDLLDLL | function | Windows | API |

The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.


The dynamic linker (dyld) in Apple Mac OS X 10.

dynamic | linker |

The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.


PHP remote file inclusion vulnerability in clas

classes/menuphp | Site-Assistant | vulnerability | inclusion | remote | file | PHP |

PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.


Buffer overflow in tcl/win/tclWinReg.c in Tcl (

tcl/win/tclWinRegc | overflow | Buffer | Tcl |

Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.


Software vulnerabilities results 1 to 20 of 27     
Page: 12