relative software vulnerabilities
vulnerabilities.aspcode.net
Searching relative software vulnerabilities
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter.
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running JavaScript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 do not properly handle servlets that use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."
PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter.
PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.
download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and attack vectors, possibly related to malformed files, and possibly an integer signedness error for relative note instruments.
Software vulnerabilities results 1 to 20 of 26