Searching requested software vulnerabilities

Directory traversal vulnerability in AOLserver

vulnerability | arbitrary | attackers | inserting | requested | AOLserver | traversal | Directory | pathname | modified | earlier | allows | remote | files | read | into |

Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack.


Directory traversal vulnerability in Soft Lite

vulnerability | ServerWorx | Directory | traversal | Lite | Soft |

Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET request.


FaSTream FTP++ Server 2.0 allows remote attacke

directories | attackers | arbitrary | including | FaSTream | command | Server | allows | remote | letter | drive | FTP++ | using | name | list | "ls" |

FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname.


IBM WCS (WebSphere Commerce Suite) 4.0.1 with A

WCS | IBM |

IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.


Directory traversal vulnerability in the web se

vulnerability | Directory | traversal | server | web |

Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.


Various Intrusion Detection Systems (IDS) inclu

Detection | Intrusion | Systems | Various |

Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.


Baltimore Technologies WEBsweeper 4.02, when us

Technologies | WEBsweeper | Baltimore |

Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.


KTH Kerberos IV and Kerberos V (Heimdal) for Te

Kerberos | KTH |

KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.


Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS

Allaire | JRun |

Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.


secure_inc.php in PhotoDB 1.4 allows remote att

authentication | secure_incphp | rmtusername | accesslevel | rmtpassword | requested | non-empty | parameter | attackers | PhotoDB | remote | allows | access | bypass | lower | large | level | page | Time | than | via | URL |

secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page.


mailpost.exe in MailPost 5.1.1sv, and possibly

mailpostexe | attackers | versions | possibly | MailPost | service | earlier | denial | allows | remote | 511sv | cause |

mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message.


MailPost 5.1.1sv, and possibly earlier versions

information | attackers | different | sensitive | depending | requested | possibly | MailPost | displays | versions | whether | earlier | message | allows | remote | exists | error | 511sv | which | file | gain | not |

MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information.


Directory traversal vulnerability in pdesk.cgi

vulnerability | terminated | attackers | arbitrary | sequences | Directory | traversal | portions | possibly | PerlDesk | pdeskcgi | execute | modules | remote | allows | files | read | Perl | %00 | via |

Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.


Incomplete blacklist vulnerability in Mailsite

vulnerability | attachments | extensions | executable | Incomplete | requested | directory | blacklist | converted | dangerous | attackers | Mailsite | directly | possibly | Express | execute | remote | allows | upload | files | other | which | cache | such | ASPX | like | via | TXT | can | not |

Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory.


VirtueMart before 1.0.1 does not properly handl

VirtueMart | before |

VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.


The fill_write_buffer function in sysfs/file.c

fill_write_buffer | sysfs/filec | function | kernel | Linux |

The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.


The bundle API in CoreFoundation in Apple Mac O

CoreFoundation | bundle | Apple | Mac | API |

The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle.


Directory traversal vulnerability in the AVM IG

vulnerability | Directory | traversal | FritzDSL | Service | CTRL | AVM | IGD |

Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.


Safari in Apple iPhone 1.1.1, when requested to

iPhone | Safari | Apple |

Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.


Mozilla Firefox 2.0.x can automatically install

automatically | certificates | interaction | activities | requesting | requested | Mozilla | minimal | install | Firefox | domains | easier | remote | across | client | sites | track | other | these | sends | which | makes | user | can | 20x | web | TLS |

Mozilla Firefox 2.0.x can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.


Software vulnerabilities results 1 to 20 of 24     
Page: 12